arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-04-19 23:22:16 +03:00
Code
259 Commits 13 Branches 37 Tags
Commit Graph

90 Commits

Author SHA1 Message Date
Ivan Grokhotkov
f41146fb17 Merge pull request #16 from jmue/fix/doubled_code 
fix doubled code introduced with r231 - 97f9f969
 2016-06-01 18:11:09 +08:00
Ivan Grokhotkov
9a9be633f2 Merge pull request #17 from jmue/fix/memset_usage 
fix memset usage
 2016-06-01 18:11:02 +08:00
Jens Mueller
07fe883157 fix doubled code introduced with r231 - 97f9f969 2016-05-21 21:26:39 +02:00
Jens Mueller
87163b23e0 fix memset usage 2016-05-21 21:13:48 +02:00
Jens Mueller
36e8b497ba Merge branch upstream into axtls-upgrade 2016-05-13 23:40:49 +02:00
Ivan Grokhotkov
139914f312 Add option for blocking reads 2016-05-10 23:17:44 +08:00
Ivan Grokhotkov
69c757f2a3 Allow plain buffer size increase during handshake 2016-04-19 09:30:50 +03:00
Ivan Grokhotkov
fe4518da8d Make SNI host name an ssl_client_new argument 
ssl_set_hostname was mostly useless, because it allowed setting host name of an existing SSL object. However SNI was sent as part of client_hello, which was done in ssl_client_new. So it wasn't possible to actually set host name before connection would start.
 2016-04-19 08:23:15 +03:00
Ivan Grokhotkov
5b4be7d273 Reserve 16k fragment buffer only when it is actually required. 
This change reduces memory pressure when server response size fits into 6k buffer allocated by default.
 2016-03-02 15:34:15 +03:00
Ivan Grokhotkov
b33ef68e6a Fix handshake status not being set if increase_bm_data_size fails 
Also set warning level to -Wall
https://github.com/esp8266/Arduino/issues/1708
 2016-03-02 15:17:47 +03:00
Ivan Grokhotkov
324c2fdade Terminate connection if increase_bm_data_size fails 
As suggested in https://github.com/igrr/axtls-8266/issues/2#issuecomment-188544798
 2016-02-26 17:53:19 +03:00
Ivan Grokhotkov
9eaeca3a03 Postpone freeing of X509 context to the first data exchange after handshake 
X509 context contains certificate fingerprint and various names which may be used to verify the certificate.
Previously we would free it right after the handshake completion, which prevented the client from actually using any information from X509 context.
Postponing this to the first ssl_read/ssl_write call after the handshake, we give the client a chance to verify the certificate.

Also added logging to ssl_match_fingerprint function in case fingerprint doesn't match expected value.
 2016-02-26 16:21:09 +03:00
Ivan Grokhotkov
28869ea94b Use free followed by malloc instead of realloc when increasing raw buffer 
At this point we don't need to preserve the data inside the buffer.
Using free followed by malloc reduces fragmentation for some heap implementations.
 2016-02-26 16:09:47 +03:00
Slavey Karadzhov
1154d0a985 Changed the code to reserve bytes for hostname only if needed. 2016-02-22 10:16:01 +01:00
Slavey Karadzhov
63da8991c2 Added SNI ( https://en.wikipedia.org/wiki/Server_Name_Indication ) support. 2016-02-19 16:48:58 +01:00
Ivan Grokhotkov
514b6685c5 Disable RC4 2015-12-09 23:39:26 +03:00
Ivan Grokhotkov
1551076816 Remove default private key and certificate (#3) 2015-12-04 17:08:04 +03:00
Ivan Grokhotkov
6830d98c7f Pre-allocate encrypt/decrypt ctx to reduce memory fragmentation 2015-11-17 02:35:09 +03:00
Ivan Grokhotkov
10b41c811a Increase plaintext buffer size after handshake is complete 2015-11-17 01:50:35 +03:00
Ivan Grokhotkov
6f48f0d114 Store fingerprint as raw byte array 2015-09-18 12:38:27 +03:00
Ivan Grokhotkov
a069bc0eb6 Add function to match certificate fingerprint 2015-09-14 10:24:51 +03:00
Ivan Grokhotkov
6095fde37e Allocation debugging, reduce SSL structure size. 2015-09-01 16:39:29 +03:00
Ivan Grokhotkov
6030371051 Initial compilation fixes 2015-08-31 09:05:04 +03:00
Ivan Grokhotkov
4e0ccaf9b2 Import axTLS 1.4.9 2015-08-30 13:34:00 +03:00
cameronrich
b0bd12beda * Added SHA384 and SHA512 digests. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@245 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2015-03-10 03:08:16 +00:00
cameronrich
0d334d81c2 * PT_APP_PROTOCOL_DATA has a test for hs_status=SSL_OK to prevent possible exchanges before the handshake is complete. 
* Changed license on sha256.c to full BSD.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@244 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2015-03-09 01:42:59 +00:00
cameronrich
82a7638efa * Added SHA256 
* Return code checked for get_random()
* MD2 code removed.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@238 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-11-19 03:51:22 +00:00
olereinhardt
29e7d3554d Fixed array access out of bounds bug in add_cert() 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@234 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-09-24 10:21:23 +00:00
cameronrich
97f9f969a3 added printf changes from Fabian Frank to stop warnings/erros 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@231 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2013-09-22 10:34:51 +00:00
ehuman
5c51893035 Moved setting encryption flags to after handshake completion 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@230 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2013-08-05 15:47:52 +00:00
cameronrich
f74c9cafca Client version number comes from client hello and not the record layer. This was causing issues in Chrome 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@229 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2013-01-06 12:38:42 +00:00
cameronrich
8ac6264444 looks like some stuff didn't get checked in 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@226 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2012-06-08 10:42:11 +00:00
cameronrich
c0074b3044 Fixed issue with session id's in the future 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@224 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2012-02-25 08:07:12 +00:00
cameronrich
42cd25fa9d Fixed closure alerts. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@208 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2011-05-07 00:10:20 +00:00
cameronrich
70a8f79fa6 TLSv1.1 feature added. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@207 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2011-05-06 12:35:32 +00:00
cameronrich
8558c49351 Fixed variable length macs used by gnutls. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@205 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2011-04-28 13:00:20 +00:00
cameronrich
2ae9a3ec83 Started to implement TLS1.1 (but disabled for now) 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@204 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2011-04-26 20:33:55 +00:00
cameronrich
222f2d98f1 Fixed SOCKET_WRITE() when blocked. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@203 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2011-02-11 12:43:01 +00:00
cameronrich
7f3d1265ef fixed issue with bad certs on cygwin 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@202 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2011-02-08 11:38:05 +00:00
cameronrich
9c91e355da Now load PEM cert bundles correctly for verification. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@201 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2011-01-24 22:49:20 +00:00
cameronrich
18c3faf4a8 added test case for non-blocking sockets. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@199 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2011-01-19 22:41:03 +00:00
cameronrich
faba18dfc1 Check made in ssl_write for EAGAIN return from write(). 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@197 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2011-01-16 21:44:03 +00:00
cameronrich
529d87ba09 Added Visual Studio 2010 support and fixed some VS compilation issues. 
Removed code to force blocking mode.


git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@196 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2011-01-14 23:25:33 +00:00
cameronrich
9e1cb29c54 Added comments to hmac and rc4 code and extra diagnotics to cert # out of 
bounds.


git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@192 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2011-01-08 03:44:47 +00:00
cameronrich
26e256c758 Added some certificate loading tweaks. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@190 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2011-01-04 04:20:21 +00:00
cameronrich
9e082c868e Ignore CA cert errors (caused by invalid signature types in cert bundles) 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@189 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2011-01-04 01:34:46 +00:00
cameronrich
f5dbc8875e Removed os_port.h dependency. Fixed CA number issue (default now 120). 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@188 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2011-01-03 23:08:49 +00:00
cameronrich
0d2e75b9c7 fixed regular_square. Some scan-build tweaks. Made os_port.h "private". 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@181 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2010-12-29 11:49:30 +00:00
cameronrich
7e570e3943 Fixed 3132700 (close_notify), 3078672 (regular_square), 3072881 
(process_server_hello). Using Montgomery until q_dash issue solved.


git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@180 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2010-12-27 09:40:51 +00:00
cameronrich
c69b6901fb removed redundant x509_free() in do_client_connect() 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@176 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2010-08-07 07:34:41 +00:00