-
Notifications
You must be signed in to change notification settings - Fork 3.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Single source for SSL / mbedtls buffer size setting #2248
Conversation
app/lwip/app/espconn_tcp.c
Outdated
@@ -430,12 +434,14 @@ espconn_Task(os_event_t *events) | |||
break; | |||
case SIG_ESPCONN_ERRER: | |||
/*remove the node from the client's active connection list*/ | |||
espconn_list_delete(&plink_active, task_msg); | |||
if (espconn_manual_recv_enabled(task_msg)) | |||
espconn_list_delete(&plink_active, task_msg); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks like dubious indentation, post-patch. I believe that the if and list_delete should be 4 spaces further to the right but that the code is plausibly conveying the correct semantics as written?
app/lwip/app/espconn_tcp.c
Outdated
espconn_tcp_reconnect(task_msg); | ||
break; | ||
case SIG_ESPCONN_CLOSE: | ||
/*remove the node from the client's active connection list*/ | ||
espconn_list_delete(&plink_active, task_msg); | ||
if (espconn_manual_recv_enabled(task_msg)) | ||
espconn_list_delete(&plink_active, task_msg); | ||
espconn_tcp_disconnect_successful(task_msg); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Another dubious indent.
app/mbedtls/app/espconn_mbedtls.c
Outdated
TLSmsg = pinfo->pssl; | ||
lwIP_REQUIRE_ACTION(TLSmsg,exit,); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please do not apply the next hunks, from here to line 452; doing so undoes a deliberate change. See ef7a694 .
app/mbedtls/app/espconn_mbedtls.c
Outdated
@@ -712,12 +716,6 @@ static bool mbedtls_msg_info_load(mbedtls_msg *msg, mbedtls_auth_info *auth_info | |||
} | |||
} | |||
|
|||
static void |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please do not remove this function.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updating espconn is a great idea, but this is an over-eager commit. Please see my commentary on #2225 and please cherry-pick commits from Espressif, rather than replacing files wholesale.
app/mbedtls/app/espconn_mbedtls.c
Outdated
@@ -798,7 +796,7 @@ static bool mbedtls_msg_config(mbedtls_msg *msg) | |||
mbedtls_ssl_conf_authmode(&msg->conf, MBEDTLS_SSL_VERIFY_NONE); | |||
} | |||
mbedtls_ssl_conf_rng(&msg->conf, mbedtls_ctr_drbg_random, &msg->ctr_drbg); | |||
mbedtls_ssl_conf_dbg(&msg->conf, mbedtls_dbg, NULL); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please do not apply this hunk. See b382291 .
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The second commit. for buffer sizes, seems fine. (Github's UI leaves a lot to be desired.)
Thanks for the review @nwf. Do you see a possibility to merge your changes for espconn_mbedtls.c back into upstream non-os sdk? That would simplify maintenance a lot. |
I hadn't really considered pushing them upstream, but perhaps they should go that way. Is it just "open a PR" on the SDK repo? That said, rather than landing a monolithic "update to new SDK" commit, it might be useful for the nodemcu tree to cherrypick or merge commits from Espressif, so that the commit log is more useful, separately from purely preserving our own changes. |
I agree, but how to perform that - technically? |
Yes, but it might take months to get accepted. Espressif uses the GitHub repo as a kind-of replication of their internal repo.
I guess you'd have to add the Espressif repo as an additional Git remote first. |
Whoever set up the nodemcu repo did not do so by forking the sdk, so git whines that there's no common ancestry. Upstreaming our changes is probably the simplest step by far, but failing that, the thing to do is probably to extract the diffs from the sdk and mangle them to apply to nodemcu. One hopes that this is easy, given that there are 70 commits between v2.1.0 and v2.2.0. |
I've started reviewing the commits one by one. Here's what I've got for the first several:
The ones that just update *.a files are presumably of little importance to us, since we grab the SDK wholesale, including the .a files. Yes? |
Arnim, do you want proceed with this PR standalone or would you rather "embed" this into #2225? |
The latter, I guess. The SDK release surfaced earlier and the topic is more complex than I expected. I'll remove the problematic commit and reduce this PR to the "single-source for SSL buffer topic". This is independent of any SDK and already agreed upon 😃 |
fb96406
to
41b9d93
Compare
I am attempting to shove my app into an old esp-07 (512KB flash). It worked fine until the recent SDK 2.2 move but now the image it too large, leaving only 30KB for SPIFFS. I looked around for ways to trim the image and commented out in This broke the build
FYI |
Please don't resurrect old PRs as a means to get support. Yes, some buffer size is required, so simply commenting out the buffer size definition will not work. Moreover, the buffer is in RAM, not flash, so pruning it won't do what you want. Yet still, if SSL is disabled, none of this code is linked into the final build product. The 512K flash modules are supported only on the old 1.5.4.1 branch of NodeMCU. |
Addresses #1707.
dev
branch rather than formaster
.Commit "update espconn apps for lwip and mbedtls from non-os sdk master branch"Recent bug fixes for espconn layer in Espressif's NON-OS SDK appear to fix theHTTP client: Disconnected with error: 8
error with our http client (ref. #1707 (comment)).espconn*
files are copied from third_party/mbedtls and third_party/lwip in https://github.com/espressif/ESP8266_NONOS_SDK/tree/cab958da920a9c29b09b8c8f906780a5d3d0427b/Commit "enforce single source for SSL buffer size"
We had some inconsistency in the code base related to SSL buffer size configuration.
Situation up to now
user_config.h
definesSSL_BUFFER_SIZE
to 5120app/user/user_main.c
uses this to configure the espconn/mbedtls layerespconn_secure_set_size()
is not effective due to our own integration of mbedtls. Espressif applied some tweaks to enable dynamic buffer sizing.MBEDTLS_SSL_MAX_CONTENT_LEN
inuser_mbedtls.h
.Change
SSL buffer sizing mechanism is (almost) back to pre-mbedtls status:
Single source for SSL/TLS buffer size definition with
SSL_BUFFER_SIZE
inuser_config.h
. No need anymore to set the same value inuser_mbedtls.h
.Summary
We lost dynamic buffer sizing when we moved to our local mbedtls. It's not possible with the current configuration of
mbedtls
since the featureMBEDTLS_SSL_MAX_FRAGMENT_LENGTH
and dynamic buffers are mutually exclusive due to non-constant initializer element error from app/mbedtls/library/ssl_tls.c:150.If we decide to disable
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
then we could apply the same tweak like Espressif did and add a function to thetls
module API to set buffer size during runtime.