arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-10-16 22:27:59 +03:00
Code Activity
292 Commits 13 Branches 37 Tags
47efb7adf46fafe7ebdf17fb2613075753edf6ac
Commit Graph

292 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ivan Grokhotkov
324c2fdade Terminate connection if increase_bm_data_size fails 
As suggested in https://github.com/igrr/axtls-8266/issues/2#issuecomment-188544798
 2016-02-26 17:53:19 +03:00
Ivan Grokhotkov
96fbb39f21 Update README.md 2016-02-26 17:10:31 +03:00
Ivan Grokhotkov
c18bb56e61 Add travis CI 2016-02-26 16:59:10 +03:00
Ivan Grokhotkov
9eaeca3a03 Postpone freeing of X509 context to the first data exchange after handshake 
X509 context contains certificate fingerprint and various names which may be used to verify the certificate.
Previously we would free it right after the handshake completion, which prevented the client from actually using any information from X509 context.
Postponing this to the first ssl_read/ssl_write call after the handshake, we give the client a chance to verify the certificate.

Also added logging to ssl_match_fingerprint function in case fingerprint doesn't match expected value.
 2016-02-26 16:21:09 +03:00
Ivan Grokhotkov
28869ea94b Use free followed by malloc instead of realloc when increasing raw buffer 
At this point we don't need to preserve the data inside the buffer.
Using free followed by malloc reduces fragmentation for some heap implementations.
 2016-02-26 16:09:47 +03:00
Ivan Grokhotkov
43a90bcf35 Merge pull request #8 from slaff/feature/lwipr-compat 
Restructured the lwip raw compatability code.
 2016-02-22 13:13:57 +03:00
Ivan Grokhotkov
66e1a5f423 Merge pull request #7 from slaff/feature/sni 
Added SNI ( https://en.wikipedia.org/wiki/Server_Name_Indication ) su…
 2016-02-22 12:24:41 +03:00
Slavey Karadzhov
1154d0a985 Changed the code to reserve bytes for hostname only if needed. 2016-02-22 10:16:01 +01:00
Slavey Karadzhov
63da8991c2 Added SNI ( https://en.wikipedia.org/wiki/Server_Name_Indication ) support. 2016-02-19 16:48:58 +01:00
Slavey Karadzhov
7c38865f66 Restructured the lwip raw comat code. 
Added replacements for the time functions on ESP8266.
 2016-02-19 13:31:00 +01:00
Ivan Grokhotkov
885ff3e8f0 Merge pull request #6 from slaff/feature/lwip-raw 
Initial support for LWIP raw tcp mode.
 2016-02-01 14:56:08 +03:00
Slavey Karadzhov
d78e7a0799 Initial version of axTLS integration with lwip raw tcp mode (http://lwip.wikia.com/wiki/Raw/TCP). 2016-02-01 12:05:09 +01:00
Ivan Grokhotkov
514b6685c5 Disable RC4 2015-12-09 23:39:26 +03:00
Ivan Grokhotkov
f98cae7b2f Don't try to load certificate and private key if it is null 2015-12-04 18:44:40 +03:00
Ivan Grokhotkov
1551076816 Remove default private key and certificate (#3) 2015-12-04 17:08:04 +03:00
Ivan Grokhotkov
34ff4421d2 Get random bytes from hardware RNG 2015-12-02 23:49:49 +03:00
Ivan Grokhotkov
6830d98c7f Pre-allocate encrypt/decrypt ctx to reduce memory fragmentation 2015-11-17 02:35:09 +03:00
Ivan Grokhotkov
10b41c811a Increase plaintext buffer size after handshake is complete 2015-11-17 01:50:35 +03:00
olereinhardt
d1bcdc5f97 Tag 64-bit constants with "LL" (make e.g. AVR32 gcc happy) 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@251 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2015-10-01 15:58:22 +00:00
Ivan Grokhotkov
6f48f0d114 Store fingerprint as raw byte array 2015-09-18 12:38:27 +03:00
Ivan Grokhotkov
a069bc0eb6 Add function to match certificate fingerprint 2015-09-14 10:24:51 +03:00
Ivan Grokhotkov
ad9780684a Calculate SHA-1 fingerprint when loading the certificate 2015-09-14 08:51:13 +03:00
Ivan Grokhotkov
6095fde37e Allocation debugging, reduce SSL structure size. 2015-09-01 16:39:29 +03:00
Ivan Grokhotkov
6c91aa10fc Create README.md 2015-08-31 09:22:23 +03:00
Ivan Grokhotkov
6030371051 Initial compilation fixes 2015-08-31 09:05:04 +03:00
Ivan Grokhotkov
3661c54000 Add makefile 2015-08-30 13:46:41 +03:00
Ivan Grokhotkov
4e0ccaf9b2 Import axTLS 1.4.9 2015-08-30 13:34:00 +03:00
cameronrich
a5f7ede493 * Fixed client certificate issue where there is no client certificate and a certificate verify msg was still being sent. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@250 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2015-07-28 02:44:52 +00:00
cameronrich
acf35f0ea7 * Added named unions in SHA256 code for compilers that don't support it. 
* Some other porting suggestions from Chris Ghormley.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@248 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2015-04-30 06:06:09 +00:00
cameronrich
a88fd947b2 * Updated the release notes. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@246 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2015-03-10 04:41:32 +00:00
cameronrich
b0bd12beda * Added SHA384 and SHA512 digests. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@245 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2015-03-10 03:08:16 +00:00
cameronrich
0d334d81c2 * PT_APP_PROTOCOL_DATA has a test for hs_status=SSL_OK to prevent possible exchanges before the handshake is complete. 
* Changed license on sha256.c to full BSD.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@244 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2015-03-09 01:42:59 +00:00
cameronrich
67111693e6 * fixed issue where SSL mutex was not being picked up. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@243 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-11-26 19:50:20 +00:00
cameronrich
b9d43265b5 * axhttpd can load a certificate and private key from the command line 
* axssl now prints all output regardless of null bytes. It no longer writes a null byte.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@242 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-11-22 02:05:21 +00:00
cameronrich
b3fc32689d * Added diagnostic in case digest could not be identified. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@240 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-11-19 10:28:29 +00:00
cameronrich
58790919c1 * Added check to get_asn1_length() to limit the number of octets and to not allow overflow. 
* Changed a few copyright dates to add a bit of new polish :-)

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@239 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-11-19 10:13:31 +00:00
cameronrich
82a7638efa * Added SHA256 
* Return code checked for get_random()
* MD2 code removed.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@238 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-11-19 03:51:22 +00:00
cameronrich
9ef84f9234 * RSA_decrypt now checks the integrity of the first 11 bytes. 
* The size of the output buffer in RSA_decrypt is now checked and cleared.
* get_random now returns an error code
* Various system calls now check the return code to remove gcc warnings.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@237 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-11-07 00:38:49 +00:00
cameronrich
08b27ee1cb Modified the test script 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@235 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-10-31 11:01:56 +00:00
olereinhardt
29e7d3554d Fixed array access out of bounds bug in add_cert() 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@234 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-09-24 10:21:23 +00:00
olereinhardt
ce488f9180 Fix handling of return values of SOCKET_READ in process_sslv23_client_hello() 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@233 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-09-24 10:19:21 +00:00
cameronrich
e6f9ae68c1 added generalized time for certificates 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@232 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2013-11-14 18:34:36 +00:00
cameronrich
97f9f969a3 added printf changes from Fabian Frank to stop warnings/erros 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@231 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2013-09-22 10:34:51 +00:00
ehuman
5c51893035 Moved setting encryption flags to after handshake completion 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@230 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2013-08-05 15:47:52 +00:00
cameronrich
f74c9cafca Client version number comes from client hello and not the record layer. This was causing issues in Chrome 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@229 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2013-01-06 12:38:42 +00:00
cameronrich
df4606a991 added cast to srand 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@228 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2012-07-01 11:10:14 +00:00
cameronrich
24384a37a4 Changed order of when os_int.h is imported 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@227 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2012-07-01 10:57:25 +00:00
cameronrich
8ac6264444 looks like some stuff didn't get checked in 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@226 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2012-06-08 10:42:11 +00:00
cameronrich
fec170a640 fixed issue with buffer limit 1 less than it should have been 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@225 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2012-06-01 11:23:00 +00:00
cameronrich
c0074b3044 Fixed issue with session id's in the future 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@224 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2012-02-25 08:07:12 +00:00