jepler/axtls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
255 commits 5 branches 1 tag 4 MiB
Commit graph

156 commits

Author SHA1 Message Date
Paul Sokolovsky
9776795d9f ssl/Makefile: Make archive index when creating libaxtls.a. 2016-07-10 23:17:18 +03:00
Paul Sokolovsky
7e9e9a7812 tls1.h: Allow to override RT_MAX_PLAIN_LENGTH and RT_EXTRA. 2016-07-10 23:17:18 +03:00
Paul Sokolovsky
54b2a4f5e2 crypto_misc.h: CONFIG_SSL_DIAGNOSTICS 2016-07-10 23:17:18 +03:00
Paul Sokolovsky
3c6e252720 crypto_misc.h: Don't ifdef in headers. 2016-07-10 23:17:17 +03:00
Paul Sokolovsky
3984fdd4fb os_int.h, os_port_micropython.h: Changes for esp8266 compatibility. 2016-07-10 23:17:17 +03:00
Paul Sokolovsky
d8283d74ff os_port_micropython.h: Add ifdef'ed POSIX defines to ease testing. 2016-07-10 23:17:15 +03:00
Paul Sokolovsky
a4e0f106f3 tls1_svr.c: CONFIG_SSL_ENABLE_SERVER 2016-07-10 23:17:15 +03:00
Paul Sokolovsky
4fa4fb3461 tls1.c: CONFIG_SSL_ENABLE_SERVER 2016-07-10 23:17:15 +03:00
Paul Sokolovsky
06602d26de crypto_misc.h: Don't ifdef declarations. 2016-07-10 23:17:15 +03:00
Paul Sokolovsky
9cd22067ad tls1_svr.c: CONFIG_SSL_DIAGNOSTICS 2016-07-10 23:17:15 +03:00
Paul Sokolovsky
eab10ee5a7 tls1_clnt.c: CONFIG_SSL_DIAGNOSTICS 2016-07-10 23:17:14 +03:00
Paul Sokolovsky
9bf4489a9f tls1.c: CONFIG_SSL_DIAGNOSTICS 2016-07-10 23:17:14 +03:00
Paul Sokolovsky
22b2cc0965 loader.c: CONFIG_SSL_ENABLE_SERVER 2016-07-10 23:17:14 +03:00
Paul Sokolovsky
6f339f9b77 ssl/Config.in: Add explicit CONFIG_SSL_ENABLE_SERVER. 2016-07-10 23:17:13 +03:00
Paul Sokolovsky
e941743c1b Add namespace prefix to hmac_md5/hmac_sha1 functions. 
These are pretty common names and can easily clash with other libraries.
At least, add "ssl_" prefix, as many other axTLS functions have.
 2016-07-10 23:17:13 +03:00
Paul Sokolovsky
463a64723a En-masse other changes to minimize size and make embeddable into uPy. 2016-07-10 23:17:13 +03:00
Paul Sokolovsky
7e9e63023d os_port, tls1: Let port decide whether POSIX-style select() will be used. 
POSIX-style select() is unlikely a good fit for embedded socket
implementation. It actually needed only for non-blocking sockets,
so let ports just be able to skip it. Going forward, this need
to be refactored into direct-purpose function to wait for socket
to be writable to be implemented per port.
 2016-07-10 22:00:24 +03:00
Paul Sokolovsky
b5ba024a9f tls1: Abstract away getting last errno for a socket operation. 
For usage with embedded ports where socket library may have other way to
pass errors rather than via C errno variable.
 2016-07-10 22:00:24 +03:00
cameronrich
eabbfc866f Removed some printfs in skeleton mode 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@258 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-07-05 20:16:05 +00:00
cameronrich
240f39fa5a Fixed some skeleton mode warnings 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@257 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-07-05 20:07:17 +00:00
cameronrich
35a9bec2fd Now include os_port.h in tls1.h, but removed ax_malloc and friends 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@255 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-07-05 19:54:05 +00:00
cameronrich
ef28667444 Can handle SSL chains which are out of order (thanks Paul Johnstone) 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@254 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-07-05 07:07:45 +00:00
cameronrich
3d0da1dc19 Fixed a memset issue and removed some doubled code (thanks Jens Muller) 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@253 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-07-05 06:46:55 +00:00
cameronrich
e223aa2133 Removed RC4 from the list of negotiated ciphers as browsers don't support it anymore 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@252 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-06-12 10:51:12 +00:00
cameronrich
a5f7ede493 * Fixed client certificate issue where there is no client certificate and a certificate verify msg was still being sent. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@250 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2015-07-28 02:44:52 +00:00
cameronrich
acf35f0ea7 * Added named unions in SHA256 code for compilers that don't support it. 
* Some other porting suggestions from Chris Ghormley.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@248 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2015-04-30 06:06:09 +00:00
cameronrich
b0bd12beda * Added SHA384 and SHA512 digests. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@245 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2015-03-10 03:08:16 +00:00
cameronrich
0d334d81c2 * PT_APP_PROTOCOL_DATA has a test for hs_status=SSL_OK to prevent possible exchanges before the handshake is complete. 
* Changed license on sha256.c to full BSD.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@244 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2015-03-09 01:42:59 +00:00
cameronrich
67111693e6 * fixed issue where SSL mutex was not being picked up. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@243 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-11-26 19:50:20 +00:00
cameronrich
b3fc32689d * Added diagnostic in case digest could not be identified. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@240 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-11-19 10:28:29 +00:00
cameronrich
58790919c1 * Added check to get_asn1_length() to limit the number of octets and to not allow overflow. 
* Changed a few copyright dates to add a bit of new polish :-)

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@239 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-11-19 10:13:31 +00:00
cameronrich
82a7638efa * Added SHA256 
* Return code checked for get_random()
* MD2 code removed.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@238 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-11-19 03:51:22 +00:00
cameronrich
9ef84f9234 * RSA_decrypt now checks the integrity of the first 11 bytes. 
* The size of the output buffer in RSA_decrypt is now checked and cleared.
* get_random now returns an error code
* Various system calls now check the return code to remove gcc warnings.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@237 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-11-07 00:38:49 +00:00
cameronrich
08b27ee1cb Modified the test script 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@235 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-10-31 11:01:56 +00:00
olereinhardt
29e7d3554d Fixed array access out of bounds bug in add_cert() 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@234 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-09-24 10:21:23 +00:00
olereinhardt
ce488f9180 Fix handling of return values of SOCKET_READ in process_sslv23_client_hello() 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@233 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2014-09-24 10:19:21 +00:00
cameronrich
e6f9ae68c1 added generalized time for certificates 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@232 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2013-11-14 18:34:36 +00:00
cameronrich
97f9f969a3 added printf changes from Fabian Frank to stop warnings/erros 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@231 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2013-09-22 10:34:51 +00:00
ehuman
5c51893035 Moved setting encryption flags to after handshake completion 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@230 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2013-08-05 15:47:52 +00:00
cameronrich
f74c9cafca Client version number comes from client hello and not the record layer. This was causing issues in Chrome 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@229 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2013-01-06 12:38:42 +00:00
cameronrich
24384a37a4 Changed order of when os_int.h is imported 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@227 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2012-07-01 10:57:25 +00:00
cameronrich
8ac6264444 looks like some stuff didn't get checked in 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@226 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2012-06-08 10:42:11 +00:00
cameronrich
c0074b3044 Fixed issue with session id's in the future 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@224 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2012-02-25 08:07:12 +00:00
cameronrich
af155d91d9 Some fixes after going through the test harness 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@222 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2012-02-11 11:30:45 +00:00
cameronrich
ffa4da45ee Fix in asn1_get_printable string 
Buffer overflow vulnerability in proc.c
Possible double memory release on invalid certificates.


git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@221 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2012-02-10 10:31:02 +00:00
cameronrich
cd28f3caae Fixed issue with non-blocking client mode. 
Added php mime type.


git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@219 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2011-09-30 09:41:05 +00:00
cameronrich
15ab963e13 fixed some mconf dependency issues 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@213 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2011-06-24 21:29:50 +00:00
cameronrich
f22e36ab56 Added test for PKCS8 unencrypted PEM format. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@212 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2011-06-24 13:11:51 +00:00
cameronrich
96b65cdb96 fixed timeout issue in axhttd, -fPIC enabled, pkcs8 enabled for server 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@211 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2011-06-24 12:16:42 +00:00
cameronrich
66c588d3ab ensure that a compare with a non-null and null x509 field returns non-zero 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@210 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2011-06-18 11:06:18 +00:00