make
xtensa-lx106-elf-gcc -std=c99 -DESP8266 -Wall -Os -g -O2 -Wpointer-arith -Wl,-EL -nostdlib -mlongcalls -mno-text-section-literals -D__ets__ -DICACHE_FLASH -ffunction-sections -fdata-sections -fdebug-prefix-map=/home/cdo/Documents/git/axtls-8266= -fdebug-prefix-map=/=xtensa-lx106-elf -gno-record-gcc-switches -mforce-l32 -I/include -Icrypto -Issl -I. -c -o crypto/aes.o crypto/aes.c
In file included from /home/cdo/.arduino15/packages/esp8266/tools/xtensa-lx106-elf-gcc/2.5.0-3-20ed2b9/xtensa-lx106-elf/include/sys/stdio.h:6:0,
from /home/cdo/.arduino15/packages/esp8266/tools/xtensa-lx106-elf-gcc/2.5.0-3-20ed2b9/xtensa-lx106-elf/include/stdio.h:63,
from ssl/os_port.h:46,
from crypto/aes.c:38:
/home/cdo/.arduino15/packages/esp8266/tools/xtensa-lx106-elf-gcc/2.5.0-3-20ed2b9/xtensa-lx106-elf/include/sys/pgmspace.h: In function 'pgm_read_byte_inlined':
/home/cdo/.arduino15/packages/esp8266/tools/xtensa-lx106-elf-gcc/2.5.0-3-20ed2b9/xtensa-lx106-elf/include/sys/pgmspace.h:60:3: error: expected ')' before ':' token
pgm_read_with_offset(addr, res);
^
/home/cdo/.arduino15/packages/esp8266/tools/xtensa-lx106-elf-gcc/2.5.0-3-20ed2b9/xtensa-lx106-elf/include/sys/pgmspace.h: In function 'pgm_read_word_inlined':
/home/cdo/.arduino15/packages/esp8266/tools/xtensa-lx106-elf-gcc/2.5.0-3-20ed2b9/xtensa-lx106-elf/include/sys/pgmspace.h:67:3: error: expected ')' before ':' token
pgm_read_with_offset(addr, res);
^
In file included from crypto/aes.c:38:0:
ssl/os_port.h: At top level:
ssl/os_port.h:126:0: warning: "PSTR" redefined [enabled by default]
#define PSTR(s) (extension({static const char __c[] PROGMEM = (s); &__c[0];}))
^
In file included from /home/cdo/.arduino15/packages/esp8266/tools/xtensa-lx106-elf-gcc/2.5.0-3-20ed2b9/xtensa-lx106-elf/include/sys/stdio.h:6:0,
from /home/cdo/.arduino15/packages/esp8266/tools/xtensa-lx106-elf-gcc/2.5.0-3-20ed2b9/xtensa-lx106-elf/include/stdio.h:63,
from ssl/os_port.h:46,
from crypto/aes.c:38:
/home/cdo/.arduino15/packages/esp8266/tools/xtensa-lx106-elf-gcc/2.5.0-3-20ed2b9/xtensa-lx106-elf/include/sys/pgmspace.h:37:0: note: this is the location of the previous definition
#define PSTR(s) (extension({static const char __c[] attribute((aligned(4))) PROGMEM = (s); &__c[0];}))
^
In file included from crypto/aes.c:38:0:
ssl/os_port.h:128:21: error: static declaration of 'memcpy_P' follows non-static declaration
static inline void* memcpy_P(void* dest, PGM_VOID_P src, size_t count) {
^
In file included from /home/cdo/.arduino15/packages/esp8266/tools/xtensa-lx106-elf-gcc/2.5.0-3-20ed2b9/xtensa-lx106-elf/include/string.h:10:0,
from crypto/aes.c:37:
/home/cdo/.arduino15/packages/esp8266/tools/xtensa-lx106-elf-gcc/2.5.0-3-20ed2b9/xtensa-lx106-elf/include/sys/string.h:27:8: note: previous declaration of 'memcpy_P' was here
_PTR _EXFUN(memcpy_P,(_PTR __restrict, const _PTR __restrict, size_t));
^
In file included from /home/cdo/.arduino15/packages/esp8266/tools/xtensa-lx106-elf-gcc/2.5.0-3-20ed2b9/xtensa-lx106-elf/include/string.h:163:0,
from crypto/aes.c:37:
ssl/os_port.h:140:19: error: expected declaration specifiers or '...' before '(' token
static inline int strlen_P(const char *str) {
^
ssl/os_port.h:140:19: error: expected declaration specifiers or '...' before numeric constant
static inline int strlen_P(const char *str) {
^
In file included from crypto/aes.c:38:0:
ssl/os_port.h:145:19: error: static declaration of 'memcmp_P' follows non-static declaration
static inline int memcmp_P(const void *a1, const void *b1, size_t len) {
^
In file included from /home/cdo/.arduino15/packages/esp8266/tools/xtensa-lx106-elf-gcc/2.5.0-3-20ed2b9/xtensa-lx106-elf/include/string.h:10:0,
from crypto/aes.c:37:
/home/cdo/.arduino15/packages/esp8266/tools/xtensa-lx106-elf-gcc/2.5.0-3-20ed2b9/xtensa-lx106-elf/include/sys/string.h:25:7: note: previous declaration of 'memcmp_P' was here
int _EXFUN(memcmp_P,(const _PTR, const _PTR, size_t));
^
In file included from crypto/aes.c:38:0:
ssl/os_port.h:158:0: warning: "strcpy_P" redefined [enabled by default]
#define strcpy_P(dst, src) do { static const char fstr[] PROGMEM = src; memcpy_P(dst, fstr, sizeof(src)); } while (0)
^
In file included from /home/cdo/.arduino15/packages/esp8266/tools/xtensa-lx106-elf-gcc/2.5.0-3-20ed2b9/xtensa-lx106-elf/include/string.h:163:0,
from crypto/aes.c:37:
/home/cdo/.arduino15/packages/esp8266/tools/xtensa-lx106-elf-gcc/2.5.0-3-20ed2b9/xtensa-lx106-elf/include/sys/string.h:32:0: note: this is the location of the previous definition
#define strcpy_P(dest, src) strncpy_P((dest), (src), SIZE_IRRELEVANT)
^
make: *** [: crypto/aes.o] Error 1

From @tijnkooijmans on March 17, 2016 10:6

Is there any limit to the SSL certificate size in axTLS?

I'm using WifiClientSecure and when I have fully-chained certificate (6 kb) on the server the connection gets refused (error -1) while if the server only uses the non-chained certificate (1.8 kb) there is no problem.

I have 30 kb heap available when making the SSL connection so it's no memory issue.

Thanks in advance for looking into this!

Copied from original issue: esp8266/Arduino#1788

i think we should handle memory allocation fail more gracefully.....

The problem is probably that by the time we try to realloc(), we don't have large enough continues memory block.

https://github.com/igrr/axtls-8266/blob/master/crypto/bigint.c#L1072

fatal exception 29(StoreProhibitedCause):
epc1=0x40218dae, epc2=0x00000000, epc3=0x00000000, excvaddr=0x00000004, depc=0x00000000
 
Exception (29):
epc1=0x40218dae epc2=0x00000000 epc3=0x00000000 excvaddr=0x00000004 depc=0x00000000
 
ctx: sys 
sp: 3ffffa70 end: 3fffffb0 offset: 01a0

0x4024aeba: more_comps at bigint.c:1072
0x4024b04c: alloc at bigint.c:1106
0x4024b2ed: regular_multiply at bigint.c:822
0x4024b04c: alloc at bigint.c:1106
0x4024be2a: bi_barrett at bigint.c:1289
0x4604e78f: ?? ??:0
0x4024c080: bi_mod_power at bigint.c:1414
0x4024af1c: trim at bigint.c:1197
0x4024d1a1: RSA_public at rsa.c:242
0x402490e6: send_client_key_xchg at tls1_clnt.c:361
0x402494d1: do_clnt_handshake at tls1_clnt.c:126
0x4022b476: pbuf_copy_partial at pbuf.c:1025
0x4010020c: _umm_free at umm_malloc.c:1287
0x4010068c: free at umm_malloc.c:?
0x4020ba6e: ax_port_read at tcp_axtls.c:581
0x40248ed2: do_handshake at tls1.c:1545
0x4010068c: free at umm_malloc.c:?
0x40249038: ssl_read at tls1.c:271
0x4020b811: tcp_ssl_read at tcp_axtls.c:378
0x4020add9: _ZN11AsyncClient5_recvEP7tcp_pcbP4pbufa at ESPAsyncTCP.cpp:388
0x4022d21a: tcp_output at tcp_out.c:925
0x4020ae0b: _ZN11AsyncClient7_s_recvEPvP7tcp_pcbP4pbufa at ESPAsyncTCP.cpp:478
0x40231f08: tcp_input at tcp_in.c:394 (discriminator 1)
0x40100f7b: free at umm_malloc.c:?
0x4022f5b5: ip_input at ip.c:559
0x4022e9b1: ethernet_input at etharp.c:1379
0x40104062: free at umm_malloc.c:?
0x401009c6: free at umm_malloc.c:?
0x402389e8: umm_free_heap_size at umm_malloc.c:1740
0x40100793: free at umm_malloc.c:?
0x401007ce: free at umm_malloc.c:?
0x4023860b: umm_free_heap_size at umm_malloc.c:1740
0x40000f49: ?? ??:0
0x40000f49: ?? ??:0

@igrr i am still getting ssl->neeed bytes error. I changed the value of
ssl->max_plain_length to ssl->max_plain_length = 6000*4; which I think is the maximum value, i can give. Here is the dump:

~ld
scandone
state: 0 -> 2 (b0)
state: 2 -> 3 (0)
state: 3 -> 5 (10)
add 0
aid 2
**cnt **
chg_B1:-40
..
connected with TechnoMan, channel 6
ip:172.16.0.120,mask:255.255.255.0,gw:172.16.0.1
.IP: 172.16.0.120
Successfully opened ca file
loaded
IP: 172.16.0.120
Thu Mar 17 19:56:05 2016

Error: Invalid X509 ASN.1 file (X509 not ok)
pm open,type:2 0
IP: 172.16.0.120
Error: Invalid X509 ASN.1 file (X509 not ok)
ssl->need_bytes=37663 > 25019
IP: 172.16.0.120
Error: Invalid X509 ASN.1 file (X509 not ok)
IP: 172.16.0.120
Error: Invalid X509 ASN.1 file (X509 not ok)
ssl->need_bytes=61896 > 25019
IP: 172.16.0.120
Error: Invalid X509 ASN.1 file (X509 not ok)
ssl->need_bytes=52978 > 25019
IP: 172.16.0.120
Error: Invalid X509 ASN.1 file (X509 not ok)
IP: 172.16.0.120
Error: Invalid X509 ASN.1 file (X509 not ok)
ssl->need_bytes=26851 > 25019

It would be great if you can provide examples how to use axTLS with LWIP raw tcp for ESP8266. Even a small source code example will be fine.

Running the HTTPS example sketch results in a crash after connection when i clone and compile and then use the up to date libaxtls.a file.

Serial output:

WiFi connected
IP address:
192.168.0.101
connecting to iot.thinger.io
certificate matches
requesting URL: /repos/esp8266/Arduino/commits/master/status
request sent
esp8266/Arduino CI has failed
reply was:

==========
closing connection

Exception (3):
epc1=0x4010010e epc2=0x00000000 epc3=0x00000000 excvaddr=0x40046f69 depc=0x00000000

ctx: cont
sp: 3fff1340 end: 3fff15d0 offset: 01a0

stack>>>
3fff14e0: 3fff0558 000007a1 000007a1 4010020c
3fff14f0: 3fff0558 0000aa2f 0000aa2f 4010020c
3fff1500: 3ffe9314 00000000 3ffe9514 4010068c
3fff1510: 3ffe9314 00000000 3fff2a84 4022e58d
3fff1520: 3ffe9314 00000000 3fff2a84 4022faa7
3fff1530: 3ffe9314 00000000 3fff2984 40203026
3fff1540: 3ffe9458 3ffe94b8 3fff1560 40203074
3fff1550: 3ffe9314 3ffe94b8 3fff0578 402021e6
3fff1560: 3ffe97f8 00000000 000003e8 0000164e
3fff1570: 00000000 3fff283c 3fff2984 00000000
3fff1580: 00000000 00000000 00000000 00000000
3fff1590: 00000000 00000000 00000000 00000000
3fff15a0: feefeffe feefeffe feefeffe 3fff05a4
3fff15b0: 3fffdad0 00000000 3fff059c 40204138
3fff15c0: feefeffe feefeffe 3fff05b0 40100718
<<<stack<<<

ets Jan 8 2013,rst cause:2, boot mode:(3,6)

load 0x4010f000, len 1384, room 16
tail 8
chksum 0x2d
csum 0x2d
v00000000
~ld

I would like to use your axTLS library. In the old Espressif IoT example this function was used to create the ssl client object:

EXP_FUNC SSL *STDCALL ICACHE_FLASH_ATTR SSLClient_new(SSL_CTX *ssl_ctx, struct tcp_pcb *SslClient_pcb, const
        uint8_t *session_id, uint8_t sess_id_size)
{   
    SSL *ssl = ssl_new_context(ssl_ctx, SslClient_pcb);
    ssl->version = SSL_PROTOCOL_VERSION_MAX;
    if (session_id && ssl_ctx->num_sessions) {
        if (sess_id_size > SSL_SESSION_ID_SIZE) {
            ssl_free(ssl);
            return NULL;
        }
        os_memcpy(ssl->session_id, session_id, sess_id_size);
        ssl->sess_id_size = sess_id_size;
        SET_SSL_FLAG(SSL_SESSION_RESUME);
    }
    SET_SSL_FLAG(SSL_IS_CLIENT);
    do_client_connect(ssl);
    return ssl;
}

Shall I use that one or there is a better way to do it with raw LWIP with axTLS?

Hi
This lib is based on 1.5.3 as I see but the current code is at 2.1.3
I can start making a PR to get all modifications but I see little activity on this repo.

@igrr if I start a PR to rebase this to latest axtls do you think you will have time to review and merge?
Thank you!

I have not quite been able to figure out whether this repository falls under the 3-clause BSD lisence, or if that is just the upstream's lisence. The GitHub UI implies that the BSD lisence is indeed in use, but it might just automatically derive that from the LISENCE file.

Necessary because heap fragmentation becomes an issue as seen here: esp8266/Arduino#1084

Hi in Radme.md it is stated that currently it is based on 1.5.3+ but version.h is old.

There are new and useful functions that are appearing in this repository. It would be great if we can push them to the upstream axTLS repository.

Loading a full root certificate store into memory in the way it is currently implemented in axTLS will quickly cause an out-of-memory condition on the ESP8266. Certificates themselves, in DER format, can also occupy significant chunk of program memory. For this reason, in the past we have implemented certificate fingerprint verification. Certificate fingerprint verification suffers from poor UX though, as certificates get renewed and fingerprints change. Recently merged SPKI verification (#31) can potentially help with the renewal issues, but support for displaying SHA-256 hash of SPKI is not present in all major browsers, complicating the process for new users.

Considering the way axTLS performs certificate chain verification, we don't actually need to know the full contents of root certificate. AxTLS only uses the public key to perform verification. In addition to that, DN is used to identify the root certificate to be used, and basic constraint info is checked in the latest version.

The basic constraint info can be checked before creating a root certificate bundle for axTLS, in a way similar to curl's mk-ca-bundle.pl.

Instead of using DN to match root certificate, we can use authority key identifier extension, which "MUST be included in all certificates generated by conforming CAs" according to the RFC. Authority key identifier is basically a SHA-1 hash of the CA's public key.

With this in mind, for each root certificate we need about (RSAkeySize/8 + 30) bytes of storage. SHA-1 hashes of authorityKeyIdentifiers can be stored in a heap structure in program memory (PROGMEM), making RAM overhead essentially zero. Limiting the number of root certificates in the store to ~20 most common ones we can keep the program memory cost small, and provide good out of the box experience for users at the same time.

This issue seeks discussion about the overall idea and specific APIs which will be used to expose this new mechanism.

/cc @slaff @ADiea

OS: OSX 10.13.3
Arduino IDE: 1.8.5
ESP platform version: 2.4.0
Device: ESP-12 (nodemcuv2)

I'm trying to get my ESP to connect to AWS IoT. Using the attached sketch based on this one, I always get that the certificate is not yet valid:

Attempting MQTT connection...failed, rc=-4 try again in 5 seconds
Heap: 20376
TIME: 1518979598

I have attached (gzipped, sorry, GH doesn't like all extensions) the sample sketch and certificates in PEM and DER format. These are valid certs and endpoints, I know it's a security issue and plan on revoking/replacing them once I've figured this out.

I'm 90% certain this is a user error, but I can't seem to figure it out. I've tried editing the axtls library to print out the supposedly old timestamp versus the certificate span, but I can't figure out how to get the library to actually be linked against. It seems to be, but clearly doesn't take my changes. What I did:

1. Cloned https://github.com/igrr/axtls-8266.git
2. Edit ssl/x509.c
3. Got it to compile, with new library in bin/libaxtls.a
4. Copied the new library to ~/Library/Arduino15/packages/esp8266/hardware/esp8266/2.4.0/tools/sdk/lib.
5. Recompiled (tried both from IDE and via makeEspArduino.mk) and flashed.

So, not sure what else to do to debug.

Hi,

I am trying to use two HTTPS connections simultaneously on the ESP8266, both of them with persistent HTTPS connection (so the sockets stay connected). I saw that other people also mentioned the large heap memory footprint and ran into that problem myself too.
Before the first socket is opened, I have 31,648 bytes and it drops to 20,872. The second socket connection drops the free heap space further to 9792 bytes. So about 11K per socket connection.

I was wondering what is the reason for this relatively big footprint? Is it possible to skip the verify() of the fingerprint for one of the servers (for which I don't need authentication) and save memory? Another option I am considering - if the main memory allocation is due to the certificate verification, is it possible to have both sockets use the same certificate verification, so that I would be allocating only 11K instead of 22K?

One thing I've noticed is that the call to ssl_ctx_new() is performed only once, and that the massive memory allocation happens on the two calls to ssl_client_new() - about 8Kb.

Thanks

In rsa.c
if (block[i++] != 0x02) /* BT correct? */
return -1;

I'm thinking about adding a callback called during certificate chain validation thats called when the CA certificate is not found on the internal list. This would allow all, or most, common CA certs to be stored say in SPIFFS and then only the one needed to validate a specific connections can be loaded on the fly without have to specify it ahead of time. Would that be an acceptable change? Any other ideas on how this could be done?

Update: After some more looking, if I don't treat SSL_CTX as opaque then this can be handled in the Arduino layer....

Update: strike the above - really should stay opaque. Now thinking to add a function to return the name CA) on the last certificate in the chain. That can be called before validateChain() to make sure the correct CA cert is loaded and added to the context.

I can't access http://axtls.sourceforge.net/.

I am new to this port and to axtls; so I am not sure how long it has been down.

If it has been down for a long time, you could probably host your own API docs somewhere, to help newcomers.

Thanks!

Redefine default_private_key, default_private_key_len, default_certificate, and default_certificate_len as extern.

I too am getting the Error: invalid handshake

Similar to:
esp8266/Arduino#3661

experienced by @sukretniy

but I don't (yet) have the skills/experience/setup to try and recompile from:
uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];

To:
uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index > 0 ? ssl->dc->bm_proc_index + 6 : ssl->dc->bm_proc_index];

Any chance someone more talented than I can fix this?

When integrating the code in another ESP8266 framework I am getting the following error before handshake.

Error: This is not a valid ASN.1 file
Error: Invalid X509 ASN.1 file (X509 not ok)

What can be the reason for this? With the Linux axtls code (without additions from this repo) it seems to work. Any suggestion?

hi @igrr
I am use Arduino ESP8266 v2.4-rc2.
when I use MQTT to connect Server over SSL I got problem make client cannot connect to the server because not enough 3 steps handshake, some other network is working.
this is log when failed

1878 396.863587048 113.23.28.250 -> xxx.xxx.xxx.185 TCP 60 47422 > secure-mqtt [SYN] Seq=0 Win=5840 Len=0 MSS=1452
1879 396.864090440 xxx.xxx.xxx.185 -> 113.23.28.250 TCP 58 secure-mqtt > 47422 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460
1880 396.874922554 113.23.28.250 -> xxx.xxx.xxx.185 TCP 60 [TCP ACKed unseen segment] 47422 > secure-mqtt [RST, ACK] Seq=1 Ack=1709034101 Win=5840 Len=0
1881 397.095605740 113.23.28.250 -> xxx.xxx.xxx.185 TCP 60 52516 > secure-mqtt [SYN] Seq=0 Win=5840 Len=0 MSS=1452
1882 397.096226488 xxx.xxx.xxx.185 -> 113.23.28.250 TCP 58 secure-mqtt > 52516 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460
1883 397.109734631 113.23.28.250 -> xxx.xxx.xxx.185 TCP 60 [TCP ACKed unseen segment] 52516 > secure-mqtt [RST, ACK] Seq=1 Ack=1936736866 Win=5840 Len=0
1887 398.259620701 xxx.xxx.xxx.185 -> 113.23.28.250 TCP 58 [TCP Retransmission] secure-mqtt > 52516 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460
1888 398.459615529 xxx.xxx.xxx.185 -> 113.23.28.250 TCP 58 [TCP Retransmission] secure-mqtt > 47422 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460
1889 400.259771173 xxx.xxx.xxx.185 -> 113.23.28.250 TCP 58 [TCP Retransmission] secure-mqtt > 52516 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460
1893 400.460337795 xxx.xxx.xxx.185 -> 113.23.28.250 TCP 58 [TCP Retransmission] secure-mqtt > 47422 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460

when I tried another network and success with log:

499 31.139014669 117.4.247.184 -> xxx.xxx.xxx.185 TCP 60 9924 > secure-mqtt [SYN] Seq=0 Win=5840 Len=0 MSS=1412
500 31.139447463 xxx.xxx.xxx.185 -> 117.4.247.184 TCP 58 secure-mqtt > 9924 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460
502 31.149661581 117.4.247.184 -> xxx.xxx.xxx.185 TCP 60 9924 > secure-mqtt [ACK] Seq=1 Ack=1 Win=5840 Len=0

where xxx.xxx.xxx.185 is my MQTT broker.

I'm trying to find a light weight SSL library replacement for the one in the non-OS SDK and stumbled across this repo. Is there any way to consume this in the non-OS SDK? I assume I can somehow convert the libaxtls.a into libssl.a..?