SSL works until it runs out of memory

tannewt · tannewt · commit 430530c74ba0 · 2020-08-19T14:23:28.000-07:00
diff --git a/ports/esp32s2/common-hal/socketpool/Socket.c b/ports/esp32s2/common-hal/socketpool/Socket.c
@@ -39,7 +39,11 @@ bool common_hal_socketpool_socket_connect(socketpool_socket_obj_t* self, const c
     // should become more and more common. Therefore, we optimize for the TLS case.
 
     ESP_LOGI(TAG, "connecting to %s:%d %p", host, port, self->ssl_context);
-    int result = esp_tls_conn_new_sync(host, hostlen, port, self->ssl_context, self->tcp);
+    esp_tls_cfg_t* tls_config = NULL;
+    if (self->ssl_context != NULL) {
+        tls_config = &self->ssl_context->ssl_config;
+    }
+    int result = esp_tls_conn_new_sync(host, hostlen, port, tls_config, self->tcp);
     ESP_LOGI(TAG, "result %d", result);
     return result >= 0;
 }
diff --git a/ports/esp32s2/common-hal/socketpool/Socket.h b/ports/esp32s2/common-hal/socketpool/Socket.h
@@ -30,14 +30,15 @@
 #include "py/obj.h"
 
 #include "common-hal/socketpool/SocketPool.h"
+#include "common-hal/ssl/SSLContext.h"
 
 #include "esp-idf/components/esp-tls/esp_tls.h"
 
 typedef struct {
     mp_obj_base_t base;
     int num;
     esp_tls_t* tcp;
-    esp_tls_cfg_t* ssl_context;
+    ssl_sslcontext_obj_t* ssl_context;
     socketpool_socketpool_obj_t* pool;
     mp_uint_t timeout_ms;
 } socketpool_socket_obj_t;
diff --git a/ports/esp32s2/common-hal/ssl/SSLContext.c b/ports/esp32s2/common-hal/ssl/SSLContext.c
@@ -24,16 +24,18 @@
  * THE SOFTWARE.
  */
 
-#include "shared-bindings/socketpool/SocketPool.h"
+#include "shared-bindings/ssl/SSLContext.h"
 
 #include "py/runtime.h"
 
-#include "esp-idf/components/lwip/lwip/src/include/lwip/netdb.h"
+void common_hal_ssl_sslcontext_construct(ssl_sslcontext_obj_t* self) {
+
+}
 
 socketpool_socket_obj_t* common_hal_ssl_sslcontext_wrap_socket(ssl_sslcontext_obj_t* self,
     socketpool_socket_obj_t* socket, bool server_side, const char* server_hostname) {
 
-
+    socket->ssl_context = self;
     // Should we store server hostname on the socket in case connect is called with an ip?
     return socket;
 }
diff --git a/ports/esp32s2/common-hal/ssl/SSLContext.h b/ports/esp32s2/common-hal/ssl/SSLContext.h
@@ -29,6 +29,8 @@
 
 #include "py/obj.h"
 
+#include "esp-idf/components/esp-tls/esp_tls.h"
+
 typedef struct {
     mp_obj_base_t base;
     esp_tls_cfg_t ssl_config;
diff --git a/ports/esp32s2/common-hal/ssl/__init__.c b/ports/esp32s2/common-hal/ssl/__init__.c
@@ -24,8 +24,11 @@
  * THE SOFTWARE.
  */
 
-#ifndef MICROPY_INCLUDED_ESP32S2_COMMON_HAL_SOCKETPOOL___INIT___H
-#define MICROPY_INCLUDED_ESP32S2_COMMON_HAL_SOCKETPOOL___INIT___H
+#include "shared-bindings/ssl/SSLContext.h"
 
+#include "esp-idf/components/mbedtls/esp_crt_bundle/include/esp_crt_bundle.h"
 
-#endif // MICROPY_INCLUDED_ESP32S2_COMMON_HAL_SOCKETPOOL___INIT___H
+void common_hal_ssl_create_default_context(ssl_sslcontext_obj_t* self) {
+    memset(&self->ssl_config, 0, sizeof(esp_tls_cfg_t));
+    self->ssl_config.crt_bundle_attach = esp_crt_bundle_attach;
+}
diff --git a/ports/esp32s2/common-hal/ssl/__init__.h b/ports/esp32s2/common-hal/ssl/__init__.h
@@ -24,8 +24,8 @@
  * THE SOFTWARE.
  */
 
-#ifndef MICROPY_INCLUDED_ESP32S2_COMMON_HAL_SOCKETPOOL___INIT___H
-#define MICROPY_INCLUDED_ESP32S2_COMMON_HAL_SOCKETPOOL___INIT___H
+#ifndef MICROPY_INCLUDED_ESP32S2_COMMON_HAL_SSL___INIT___H
+#define MICROPY_INCLUDED_ESP32S2_COMMON_HAL_SSL___INIT___H
 
 
-#endif // MICROPY_INCLUDED_ESP32S2_COMMON_HAL_SOCKETPOOL___INIT___H
+#endif // MICROPY_INCLUDED_ESP32S2_COMMON_HAL_SSL___INIT___H
diff --git a/ports/esp32s2/supervisor/port.c b/ports/esp32s2/supervisor/port.c
@@ -48,7 +48,7 @@
 #include "esp_log.h"
 static const char *TAG = "cp port";
 
-#define HEAP_SIZE (64 * 1024)
+#define HEAP_SIZE (48 * 1024)
 
 STATIC esp_timer_handle_t _tick_timer;
 
diff --git a/py/circuitpy_defns.mk b/py/circuitpy_defns.mk
@@ -231,6 +231,9 @@ endif
 ifeq ($(CIRCUITPY_SOCKETPOOL),1)
 SRC_PATTERNS += socketpool/%
 endif
+ifeq ($(CIRCUITPY_SSL),1)
+SRC_PATTERNS += ssl/%
+endif
 ifeq ($(CIRCUITPY_STAGE),1)
 SRC_PATTERNS += _stage/%
 endif
@@ -340,6 +343,8 @@ SRC_COMMON_HAL_ALL = \
 	socketpool/__init__.c \
 	socketpool/SocketPool.c \
 	socketpool/Socket.c \
+	ssl/__init__.c \
+	ssl/SSLContext.c \
 	supervisor/Runtime.c \
 	supervisor/__init__.c \
 	watchdog/WatchDogMode.c \
diff --git a/py/circuitpy_mpconfig.h b/py/circuitpy_mpconfig.h
@@ -588,6 +588,13 @@ extern const struct _mp_obj_module_t socketpool_module;
 #define SOCKETPOOL_MODULE
 #endif
 
+#if CIRCUITPY_SSL
+extern const struct _mp_obj_module_t ssl_module;
+#define SSL_MODULE           { MP_OBJ_NEW_QSTR(MP_QSTR_ssl), (mp_obj_t)&ssl_module },
+#else
+#define SSL_MODULE
+#endif
+
 #if CIRCUITPY_STAGE
 extern const struct _mp_obj_module_t stage_module;
 #define STAGE_MODULE           { MP_OBJ_NEW_QSTR(MP_QSTR__stage), (mp_obj_t)&stage_module },
@@ -773,6 +780,7 @@ extern const struct _mp_obj_module_t wifi_module;
     SDIOIO_MODULE \
     SHARPDISPLAY_MODULE \
     SOCKETPOOL_MODULE \
+    SSL_MODULE \
     STAGE_MODULE \
     STORAGE_MODULE \
     STRUCT_MODULE \
diff --git a/py/circuitpy_mpconfig.mk b/py/circuitpy_mpconfig.mk
@@ -188,6 +188,9 @@ CFLAGS += -DCIRCUITPY_SHARPDISPLAY=$(CIRCUITPY_SHARPDISPLAY)
 CIRCUITPY_SOCKETPOOL ?= $(CIRCUITPY_WIFI)
 CFLAGS += -DCIRCUITPY_SOCKETPOOL=$(CIRCUITPY_SOCKETPOOL)
 
+CIRCUITPY_SSL ?= $(CIRCUITPY_WIFI)
+CFLAGS += -DCIRCUITPY_SSL=$(CIRCUITPY_SSL)
+
 # Currently always off.
 CIRCUITPY_STAGE ?= 0
 CFLAGS += -DCIRCUITPY_STAGE=$(CIRCUITPY_STAGE)
diff --git a/shared-bindings/socketpool/__init__.h b/shared-bindings/socketpool/__init__.h
@@ -24,11 +24,7 @@
  * THE SOFTWARE.
  */
 
-#ifndef MICROPY_INCLUDED_SHARED_BINDINGS_IPADDRESS___INIT___H
-#define MICROPY_INCLUDED_SHARED_BINDINGS_IPADDRESS___INIT___H
+#ifndef MICROPY_INCLUDED_SHARED_BINDINGS_SOCKETPOOL___INIT___H
+#define MICROPY_INCLUDED_SHARED_BINDINGS_SOCKETPOOL___INIT___H
 
-#include "shared-module/ipaddress/__init__.h"
-
-mp_obj_t common_hal_ipaddress_new_ipv4address(uint32_t value);
-
-#endif // MICROPY_INCLUDED_SHARED_BINDINGS_IPADDRESS___INIT___H
+#endif // MICROPY_INCLUDED_SHARED_BINDINGS_SOCKETPOOL___INIT___H
diff --git a/shared-bindings/ssl/SSLContext.c b/shared-bindings/ssl/SSLContext.c
@@ -0,0 +1,93 @@
+/*
+ * This file is part of the MicroPython project, http://micropython.org/
+ *
+ * The MIT License (MIT)
+ *
+ * SPDX-FileCopyrightText: Copyright (c) 2014 Damien P. George
+ *               2018 Nick Moore for Adafruit Industries
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "py/objtuple.h"
+#include "py/objlist.h"
+#include "py/runtime.h"
+#include "py/mperrno.h"
+
+#include "shared-bindings/ssl/SSLContext.h"
+
+//| class SSLContext:
+//|
+
+STATIC mp_obj_t ssl_sslcontext_make_new(const mp_obj_type_t *type, size_t n_args, const mp_obj_t *args, mp_map_t *kw_args) {
+    mp_arg_check_num(n_args, kw_args, 0, 1, false);
+
+    ssl_sslcontext_obj_t *s = m_new_obj(ssl_sslcontext_obj_t);
+    s->base.type = &ssl_sslcontext_type;
+
+    common_hal_ssl_sslcontext_construct(s);
+
+    return MP_OBJ_FROM_PTR(s);
+}
+
+//| def wrap_socket(sock: socketpool.Socket, *, server_side: bool = False, server_hostname: str = None) -> socketpool.Socket:
+//|     """Wraps the socket into a socket-compatible class that handles SSL negotiation.
+//|        The socket must be of type SOCK_STREAM."""
+//|     ...
+//|
+
+STATIC mp_obj_t ssl_sslcontext_wrap_socket(size_t n_args, const mp_obj_t *pos_args, mp_map_t *kw_args) {
+    enum { ARG_sock, ARG_server_side, ARG_server_hostname };
+    static const mp_arg_t allowed_args[] = {
+        { MP_QSTR_sock, MP_ARG_OBJ | MP_ARG_REQUIRED },
+        { MP_QSTR_server_side, MP_ARG_KW_ONLY | MP_ARG_BOOL, {.u_bool = false} },
+        { MP_QSTR_server_hostname, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_obj = mp_const_none} },
+    };
+    ssl_sslcontext_obj_t *self = MP_OBJ_TO_PTR(pos_args[0]);
+
+    mp_arg_val_t args[MP_ARRAY_SIZE(allowed_args)];
+    mp_arg_parse_all(n_args - 1, pos_args + 1, kw_args, MP_ARRAY_SIZE(allowed_args), allowed_args, args);
+
+    const char *server_hostname = mp_obj_str_get_str(args[ARG_server_hostname].u_obj);
+    bool server_side = args[ARG_server_side].u_bool;
+    if (server_side && server_hostname != NULL) {
+        mp_raise_ValueError(translate("Server side context cannot have hostname."));
+    }
+
+    socketpool_socket_obj_t* sock = args[ARG_sock].u_obj;
+
+    return common_hal_ssl_sslcontext_wrap_socket(self, sock, server_side, server_hostname);
+}
+STATIC MP_DEFINE_CONST_FUN_OBJ_KW(ssl_sslcontext_wrap_socket_obj, 2, ssl_sslcontext_wrap_socket);
+
+STATIC const mp_rom_map_elem_t ssl_sslcontext_locals_dict_table[] = {
+    { MP_ROM_QSTR(MP_QSTR_wrap_socket), MP_ROM_PTR(&ssl_sslcontext_wrap_socket_obj) },
+};
+
+STATIC MP_DEFINE_CONST_DICT(ssl_sslcontext_locals_dict, ssl_sslcontext_locals_dict_table);
+
+const mp_obj_type_t ssl_sslcontext_type = {
+    { &mp_type_type },
+    .name = MP_QSTR_SSLContext,
+    .make_new = ssl_sslcontext_make_new,
+    .locals_dict = (mp_obj_dict_t*)&ssl_sslcontext_locals_dict,
+};
diff --git a/shared-bindings/ssl/SSLContext.h b/shared-bindings/ssl/SSLContext.h
@@ -0,0 +1,52 @@
+/*
+ * This file is part of the MicroPython project, http://micropython.org/
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2020 Scott Shawcroft for Adafruit Industries
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef MICROPY_INCLUDED_SHARED_BINDINGS_SSL_SSLCONTEXT_H
+#define MICROPY_INCLUDED_SHARED_BINDINGS_SSL_SSLCONTEXT_H
+
+#include "common-hal/ssl/SSLContext.h"
+
+#include "shared-bindings/socketpool/Socket.h"
+
+extern const mp_obj_type_t ssl_sslcontext_type;
+
+// typedef enum {
+//     SOCKETPOOL_SOCK_STREAM,
+//     SOCKETPOOL_SOCK_DGRAM,
+//     SOCKETPOOL_SOCK_RAW
+// } socketpool_socketpool_sock_t;
+
+// typedef enum {
+//     SOCKETPOOL_AF_INET,
+//     SOCKETPOOL_AF_INET6
+// } socketpool_socketpool_addressfamily_t;
+
+void common_hal_ssl_sslcontext_construct(ssl_sslcontext_obj_t* self);
+
+socketpool_socket_obj_t* common_hal_ssl_sslcontext_wrap_socket(ssl_sslcontext_obj_t* self,
+    socketpool_socket_obj_t* sock, bool server_side, const char* server_hostname);
+
+#endif // MICROPY_INCLUDED_SHARED_BINDINGS_SSL_SSLCONTEXT_H
diff --git a/shared-bindings/ssl/__init__.c b/shared-bindings/ssl/__init__.c
@@ -0,0 +1,74 @@
+/*
+ * This file is part of the MicroPython project, http://micropython.org/
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2020 Scott Shawcroft for Adafruit Industries
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "py/objexcept.h"
+#include "py/objstr.h"
+#include "py/parsenum.h"
+#include "py/runtime.h"
+#include "shared-bindings/ssl/__init__.h"
+#include "shared-bindings/ssl/SSLContext.h"
+
+//| """
+//| The `ssl` module provides SSL contexts to wrap sockets in.
+//| """
+//|
+
+//| def create_default_context() -> ssl.SSLContext:
+//|     """Return the default SSLContext."""
+//|     ...
+//|
+
+STATIC mp_obj_t ssl_create_default_context(void) {
+    ssl_sslcontext_obj_t *s = m_new_obj(ssl_sslcontext_obj_t);
+    s->base.type = &ssl_sslcontext_type;
+
+    common_hal_ssl_create_default_context(s);
+    return s;
+}
+MP_DEFINE_CONST_FUN_OBJ_0(ssl_create_default_context_obj, ssl_create_default_context);
+
+STATIC const mp_rom_map_elem_t ssl_globals_table[] = {
+    { MP_ROM_QSTR(MP_QSTR___name__), MP_ROM_QSTR(MP_QSTR_ssl) },
+
+    { MP_ROM_QSTR(MP_QSTR_create_default_context), MP_ROM_PTR(&ssl_create_default_context_obj) },
+
+    { MP_ROM_QSTR(MP_QSTR_SSLContext), MP_ROM_PTR(&ssl_sslcontext_type) },
+
+    // class constants
+    // { MP_ROM_QSTR(MP_QSTR_AF_INET), MP_ROM_INT(SOCKETPOOL_AF_INET) },
+    // { MP_ROM_QSTR(MP_QSTR_AF_INET6), MP_ROM_INT(SOCKETPOOL_AF_INET6) },
+
+    // { MP_ROM_QSTR(MP_QSTR_SOCK_STREAM), MP_ROM_INT(SOCKETPOOL_SOCK_STREAM) },
+    // { MP_ROM_QSTR(MP_QSTR_SOCK_DGRAM), MP_ROM_INT(SOCKETPOOL_SOCK_DGRAM) },
+    // { MP_ROM_QSTR(MP_QSTR_SOCK_RAW), MP_ROM_INT(SOCKETPOOL_SOCK_RAW) },
+};
+
+STATIC MP_DEFINE_CONST_DICT(ssl_globals, ssl_globals_table);
+
+const mp_obj_module_t ssl_module = {
+    .base = { &mp_type_module },
+    .globals = (mp_obj_dict_t*)&ssl_globals,
+};
diff --git a/shared-bindings/ssl/__init__.h b/shared-bindings/ssl/__init__.h
