Apply patches developed by Sze Yiu Chau <schau@purdue.edu> which
correct a vulnerability in X509 parsing.
See CVE-2018-16150 and CVE-2018-16149 for more info.

CA certification validation was broken by a change put in during warning
cleanup a long time ago. This binary now includes the 1-line correction
and HTTPSRequestCACert now works again (before, it was failing
because the key usages in certs were not properly read).

SHA512 module stored padding in PROGMEM, but would then pass the pointer
to padding into the Update function, which would do a memcpy. Use the same
approach as with SHA256, that is to copy padding to the stack first, and
then pass it to Update.
- update ssl_client_new signature
- add max fragment length negotiation support (hardcoded to 4096 bytes)
- build axtls with -f{function,data}-sections, ~1k less DRAM usage,
~3k less flash
- strip prefix from build paths in debug symbols
Changes:
5b4be7d273 Reserve 16k fragment buffer only when it is actually required.
b33ef68e6a Fix handshake status not being set if increase_bm_data_size fails
Changelog:
324c2fdade Terminate connection if increase_bm_data_size fails
96fbb39f21 Update README.md
c18bb56e61 Add travis CI
9eaeca3a03 Postpone freeing of X509 context to the first data exchange after handshake
28869ea94b Use free followed by malloc instead of realloc when increasing raw buffer
43a90bcf35 Merge pull request #8 from slaff/feature/lwipr-compat
66e1a5f423 Merge pull request #7 from slaff/feature/sni
1154d0a985 Changed the code to reserve bytes for hostname only if needed.
63da8991c2 Added SNI ( https://en.wikipedia.org/wiki/Server_Name_Indication ) support.
7c38865f66 Restructured the lwip raw compat code. Added replacements for the time functions on ESP8266.
885ff3e8f0 Merge pull request #6 from slaff/feature/lwip-raw
d78e7a0799 Initial version of axTLS integration with lwip raw tcp mode (http://lwip.wikia.com/wiki/Raw/TCP).
- free up some memory by getting rid of intermediate buffer
- libaxtls: update to 6830d98
- allocate plaintext buffer in two stages: 4*MSS initially, grow to 16k after handshake
- free certificate data after handshake is complete
- preallocate some structures to reduce memory fragmentation