mirror of https://github.com/esp8266/Arduino.git synced 2025-10-25 18:38:07 +03:00
Commit Graph

25 Commits

Author SHA1 Message Date
Earle F. Philhower, III
42c977bd4d Patch axTLS CVEs and fix CA verification (#5270)
Apply patches developed by Sze Yiu Chau <schau@purdue.edu> which
correct a vulnerability in X509 parsing.

See CVE-2018-16150 and CVE-2018-16149 for more info.

CA certification validation was broken by a change put in during warning
cleanup a long time ago.  This binary now includes the 1-line correction
and HTTPSRequestCACert now works again (before, it was failing
because the key usages in certs were not properly read).
2018-10-24 12:47:11 -07:00
Ivan Grokhotkov
8f438b18db Update axTLS to e634adf (#5125) 2018-09-12 07:49:42 -07:00
Ivan Grokhotkov
f85f8269b7 axtls: update to 24af415
Clear bigint cache once certificates and keys are loaded, and also
during verification. Can save up to 3kB of heap in a typical use case.
2017-10-08 05:00:08 +08:00
Ivan Grokhotkov
80e9a841d6 axTLS: update to 49b9deb
- Upstream fix: Fixed issue with pathlen=0 for root certs

Fixes #2711, #3340
2017-10-02 00:26:43 +08:00
Ivan Grokhotkov
c8947953ac axtls: update to 66d530a, fixes #3335
SHA512 module stored padding in PROGMEM, but would then pass the pointer
to padding into Update function which would do a memcpy. Use the same
approach as with SHA256, that is to copy padding to the stack first, and
then pass it to Update.
2017-09-20 11:37:26 +08:00
Ivan Grokhotkov
f05ed6e27d Update axTLS to 5de79d71.
Includes two PRs:

- https://github.com/igrr/axtls-8266/pull/46 by @earlephilhower:
  Move debug strings from RAM to Flash

- https://github.com/igrr/axtls-8266/pull/50:
  Fix memory leak in ssl_ext_host_name
2017-07-23 16:15:37 +08:00
Ivan Grokhotkov
1d41859238 axTLS: update to 1b2c299
Includes memory optimizations (less .rodata, less heap)
2017-05-09 17:40:52 +08:00
Ivan Grokhotkov
c5c138ec5a axtls: update to bddda2a0
- update ssl_client_new signature
- add max fragment length negotiation support (hardcoded to 4096 bytes)
- build axtls with -f{function,data}-sections, ~1k less DRAM usage,
  ~3k less flash
- strip prefix from build paths in debug symbols
2017-04-29 22:58:19 +08:00
Ivan Grokhotkov
c2414a2252 Update axTLS to 144994c
https://github.com/igrr/axtls-8266/pull/23
2016-08-29 13:48:54 +08:00
Ivan Grokhotkov
35ee060c09 axTLS: update to d26f23a (2.0.0+) 2016-08-25 12:49:32 +08:00
Ivan Grokhotkov
0f0386e3c4 Update axTLS to ab516f7
fe6e51a...ab516f7
2016-06-13 00:56:38 +08:00
Ivan Grokhotkov
9e60d4d463 Update axTLS to fe6e51a (1.5.3+) 2016-06-01 17:40:04 +08:00
Ivan Grokhotkov
e8b8a606e4 Update axTLS to 139914f
- Fix occasional software WDT due to lengthy bigint operations
- Implement truly blocking reads as a workaround for half-duplex nature of axTLS
2016-05-10 23:34:33 +08:00
Ivan Grokhotkov
c8a1507504 Update axTLS to 69c757f
Fix issue with handling of large certificates (#1816)
2016-04-19 09:32:51 +03:00
Ivan Grokhotkov
8c65f2fcd0 Update axTLS to fe4518d, SNI support in WiFiClientSecure (#1285)
Fixes #1933
2016-04-19 08:29:13 +03:00
Ivan Grokhotkov
efa35e257a Update axTLS to 5b4be7d
Changes:
5b4be7d273 Reserve 16k fragment buffer only when it is actually required.
b33ef68e6a Fix handshake status not being set if increase_bm_data_size fails
2016-03-02 15:47:12 +03:00
Ivan Grokhotkov
e206093b60 Update libaxtls.a to 324c2fd
Changelog:
324c2fdade Terminate connection if increase_bm_data_size fails
96fbb39f21 Update README.md
c18bb56e61 Add travis CI
9eaeca3a03 Postpone freeing of X509 context to the first data exchange after handshake
28869ea94b Use free followed by malloc instead of realloc when increasing raw buffer
43a90bcf35 Merge pull request #8 from slaff/feature/lwipr-compat
66e1a5f423 Merge pull request #7 from slaff/feature/sni
1154d0a985 Changed the code to reserve bytes for hostname only if needed.
63da8991c2 Added SNI ( https://en.wikipedia.org/wiki/Server_Name_Indication ) support.
7c38865f66 Restructured the lwip raw compat code. Added replacements for the time functions on ESP8266.
885ff3e8f0 Merge pull request #6 from slaff/feature/lwip-raw
d78e7a0799 Initial version of axTLS integration with lwip raw tcp mode (http://lwip.wikia.com/wiki/Raw/TCP).
2016-02-26 18:41:27 +03:00
Ivan Grokhotkov
70cf3c36ef Add missing AES table pointers (#1271, #1256) 2015-12-22 07:59:54 +03:00
Ivan Grokhotkov
b66ddbf93a Update to SDK 1.5 (#1102) 2015-12-17 23:14:59 +03:00
Ivan Grokhotkov
14b70e9328 Allow setting client side TLS key and certificate 2015-12-04 19:02:46 +03:00
Ivan Grokhotkov
655437752b Update axTLS to 34ff442
Use hardware RNG
2015-12-03 09:09:47 +03:00
Ivan Grokhotkov
e9f0ea2afe WiFiClientSecure: handle full size TLS fragments (#43)
- free up some memory by getting rid of intermediate buffer
- libaxtls: update to 6830d98
    - allocate plaintext buffer in two stages: 4*MSS initially, grow to 16k after handshake
    - free certificate data after handshake is complete
    - preallocate some structures to reduce memory fragmentation
2015-11-17 02:47:57 +03:00
Ivan Grokhotkov
ed1a4063a2 Update libaxtls to 6f48f0d 2015-09-19 22:38:18 +03:00
Ivan Grokhotkov
f73d414f38 WiFiClientSecure: add certificate fingerprint verification (#43) 2015-09-14 10:22:54 +03:00
Ivan Grokhotkov
9a2f2f2849 Add axTLS, first draft of WiFiClientSecure (#43) 2015-09-01 15:45:12 +03:00