Fix following wpa2 enterprise vulnerability issues:
1. The station can complete 4-way handshake after EAP-FAIL is received
2. The station crashes if EAP-SUCCESS is received before PMK is setup
Description for i2c_slave_read_buffer had leftover from copying from write fct. data
pointer description described the wrong way (writing into internal buffer)
Closes https://github.com/espressif/esp-idf/pull/3268
* Linker was choosing ROM symbols for these, which use integer soft-float
operations and are much slower.
* _divsf3() moved to IRAM to avoid regressions with any code that does
integer float division in IRAM interrupt handlers (+88 bytes IRAM)
* Thanks to michal for reporting:
https://esp32.com/viewtopic.php?f=14&t=10540&p=43367
open_fn() was introduced in the context of HTTPS server, as a configurable callback function that is called by the HTTP server, on every newly created socket. It is responsible of allocating resources for per session transport security.
Earlier, if open_fn were to fail, the newly created socket would be closed by the server but the corresponding entry, for the now invalid socket, will remain in the internal socket database until that invalid socket is detected due to error when calling select(). Because of this delayed closing of sockets, the HTTPS server would quickly face shortage of available sessions when a lot of SSL handshake errors are happening (this typically occurs when a browser finds that the server certificate is self signed). This changes in this MR fix this issue by clearing up the socket from internal database, right after open_fn fails.
Closes https://github.com/espressif/esp-idf/issues/3479
When flash work in DIO Mode, in order to ensure the fast read mode of flash
is a fixed value, we merged the mode bits into address part, and the fast
read mode value is 0 (the default value).
Removes the need to know/guess the paths to these libraries. Once we are gcc 8 only, we
can remove -nostdlib and no additional arguments are needed for system libraries.
The catch is: any time IDF overrides a symbol in the toolchain sysroot, we need
an undefined linker marker to make sure this symbol is seen by linker.
Previous version read all data to the buffer including header which reduced maximum payload read. This version uses a local array to receive header and reads payload bytes to the buffer
1. fix the bug no disconnect event when STA recv disassoc after sending auth
2. fix the bug full scan send multi events when recv deauth/disassoc
Closes https://github.com/espressif/esp-idf/issues/3474
Fixes an issue with post instance data preparation. Currently, there is
no way to check if event data has really been set during handler
execution preparation. When data is not allocated from the heap, user
could have passed 0x0 which can lead to failed checks.
This also implements using the already allocated data memory for posting
events from non-ISR functions when data size is less than the capacity.
Fixed the case when the first part of log was missed
this was happened when:
* CONFIG_CONSOLE_UART_CUSTOM option is selected (UART1)
* The selected CONSOLE_UART port is used also for the console component
* in code esp_restart() or abort() functions were called.
Hardware AES-CBC performance changes:
Release config 11.0MB/sec -> 10.8MB/sec
Debug config 9.4MB/sec -> 9.8MB/sec
(Unrolling the loop to optimize the check improves
performance at -Og, even with the fault check.)
Issue is that when users creates a custom bootloader from
$IDF_PATH/components/bootloader. Parent project build uses the copy but
bootloader subproject build uses the original still. The issue is solved
by passing the custom bootloader as extra component directory so
bootloader build knows to use the new copy (itself) in the build.
List of changes:
* Use 128 bit characteristic UUIDs when creating GATT table entries
* Change primary service attribute value to 128 bit custom service UUID
* Use raw advertisement data to convey flags and 128 bit primary service UUID
* Use raw scan response to send device name as complete local name
* Increase maximum device name length in relation to maximum scan response length
* Set Characteristic User Description attributes for each characteristic to convey protocomm endpoint names
port*_CRITICAL_SAFE API calls port*_CRITICAL or port*_CRITICAL_ISR
depending on the context (Non-ISR or ISR respectively).
FREERTOS_CHECK_PORT_CRITICAL_COMPLIANCE Kconfig option added
Signed-off-by: Sachin Parekh <sachin.parekh@espressif.com>
List of changes:
* Kconfig option HTTPD_LOG_PURGE_DATA enables logging of purged data
* Kconfig option HTTPD_PURGE_BUF_LEN sets purge buffer length
* Purged data is logged in hex
Closes https://github.com/espressif/esp-idf/issues/3359
esp_err_t provided by esp_err.h and thus is required and not optional.
While the python script adds the header, it wraps it with an __has_include
directive that is not supported on all compilers (notably GCC 4.8).
Closes https://github.com/espressif/esp-idf/pull/3424
1. modify the limit of frames to send to avoid dropping packet on A2DP source due to TX data queue overflow
2. reduce the A2DP source data queue size in order to achieve faster control respnonse
According to the documentation[1][2] for partitions, setting the encrypted
flag for partitions should be a no-op when system level encryption isn't
enabled. The current implementation, however, does not actually match
the documentation and it ends up with an unreadable partition via the
partition API if a partition flag is marked as encrypted without
system-level encryption enabled. (This is because the writes go through
the encryption block, and reads do not go through the encryption block
when this situation occurs causing unreadable data to the application
running.) This fixes up the read-back of the partition table to match
whether or not the partition is currently encrypted under the hood.
This should not affect the bootloader's code for reading/writing encrypted
partitions as the bootloader directly invokes the spi_flash_write*(...)
APIs.
[1] https://docs.espressif.com/projects/esp-idf/en/latest/api-guides/partition-tables.html#flags
[2] https://docs.espressif.com/projects/esp-idf/en/latest/security/flash-encryption.html#encrypted-partition-flag
Closes https://github.com/espressif/esp-idf/pull/3328
Signed-off-by: Tim Nordell <tim.nordell@nimbelink.com>
Issue : Restarting the server without 30sec delay between httpd_stop() and httpd_start() causes EADDRINUSE error
Resolution : Use setsockopt() to enable SO_REUSEADDR on listener socket
Closes https://github.com/espressif/esp-idf/issues/3381
This prevents wear and tear on the flash, and it also is faster in some
cases since the read-out of flash is a cheaper operation than the erasure
of flash. Some library modules (such as the esp_wifi) write out to NVS
upon every initialization without checking first that the existing value
is the same, and this speeds up initialization of modules that make
these design choices and moves it into a centralized place.
The comparison functions are based on the read-out functions of the same
name, and changes out the memcpy(...) operations for memcmp(...)
operations.
Signed-off-by: Tim Nordell <tim.nordell@nimbelink.com>
Bugfixes:
- Fix http url redirection issue
- Fix basic/digest auth issue with http url
Features:
- Add support for adding custom http header
- Add support for reading firmware image header
- Add support for monitoring upgrade status
- This requires breaking down esp_https_ota API such that it allows finer application level control
- For simpler use-cases previous API is still supported
Closes https://github.com/espressif/esp-idf/issues/3218
Closes https://github.com/espressif/esp-idf/issues/2921
There was existing support for adding authorization info in esp_http_client
but it was functional only while using `esp_http_client_perform` API. This commit just moves
existing authorization addition logic into publicly exposed API.
introduced in f871cc5ffa
The issue is caused by
1. The hal didn't pass the io_mode to LL.
2. The setup_device function overwrite the trans-specific settings.
xTaskIncrementTick have to unwind uxPendedTicks on CPU1 and CPU0.
Use case: If an erase operation was run on the CPU1 then it leads
to starving other tasks which waiting time. Waited tasks just skipped.
Closes: https://github.com/espressif/esp-idf/issues/1952
Closes: IDF-183