jepler/axtls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
274 commits 5 branches 1 tag 4 MiB
Commit graph

274 commits

This branch
This branch
All branches
Author SHA1 Message Date
Paul Sokolovsky
131056b239 ssl/tls1.c: If underlying stream returned EAGAIN, return SSL_EAGAIN. 
This helps better implement blocking vs non-blocking streams on top of
axTLS (e.g. in MicroPython). Value of SSL_EAGAIN is -4, care was taken
to make sure there's no TLS alert with value of 4 (because axTLS returns
negated alert values as errors).
 2017-10-29 15:54:22 +03:00
Paul Sokolovsky
9b3092eb3b ssl/tls1.c: Hack: dump record size on hitting SSL_ERROR_RECORD_OVERFLOW. 
This is MicroPython-specific hack to allow to easier understand why TLS
conenction doesn't work with some sites on low-heap systems (where TLS
record buffer size is set to far less than default 16K).
 2017-06-13 17:30:02 +03:00
Paul Sokolovsky
cf3c04293b tls1.c: DISPLAY_ALERT: Fix copy-paste error with SSL_ERROR_RECORD_OVERFLOW. 
Function dispatches on SSL_ALERT_*, so should use SSL_ALERT_RECORD_OVERFLOW.
 2017-06-11 23:50:52 +03:00
Paul Sokolovsky
884c0d9f4f os_port_micropython.h: Use MicroPython's SHA256 implementation. 
Which is in turn based on https://github.com/B-Con/crypto-algorithms .
 2017-06-11 14:12:11 +03:00
Paul Sokolovsky
6cfbae5e86 crypto/crypto.h, sha256.c: Allow to override SHA256 implementation. 
axTLS' SHA256 implementation is bloated, more than 10K of x86 code, which
is more than 25% of total library size. So, allow to substitute something
else.
 2017-06-11 14:09:50 +03:00
Paul Sokolovsky
8ab5447904 crypto/crypto_misc.c: RNG_initialize(): Don't do anything for esp8266. 
It's tentative RNG is already setup when axTLS runs.
 2017-06-11 00:07:18 +03:00
Paul Sokolovsky
2d7a5cbe10 ssl/Makefile: Make archive index when creating libaxtls.a. 2017-06-11 00:07:18 +03:00
Paul Sokolovsky
ca8154db03 tls1.h: Allow to override RT_MAX_PLAIN_LENGTH and RT_EXTRA. 2017-06-11 00:07:18 +03:00
Paul Sokolovsky
a13e19fd69 bigint.c: bi_mod_power(): esp8266: Process pending events. 
To avoid watchdog reset/wifi disconnect during long operations.
 2017-06-11 00:07:18 +03:00
Paul Sokolovsky
b68c01f17e makefile.conf: Accept CFLAGS_EXTRA. 2017-06-11 00:07:18 +03:00
Paul Sokolovsky
6be2d23370 crypto_misc.h: CONFIG_SSL_DIAGNOSTICS 2017-06-11 00:07:18 +03:00
Paul Sokolovsky
dd7b7125a4 crypto_misc.h: Don't ifdef in headers. 2017-06-11 00:07:18 +03:00
Paul Sokolovsky
0da011ed4b crypto_misc.c: CONFIG_SSL_DIAGNOSTICS 2017-06-11 00:07:18 +03:00
Paul Sokolovsky
a70c033196 crypto_misc.c: print_blob(): Use snprintf() for MicroPython compatibility. 2017-06-11 00:07:18 +03:00
Paul Sokolovsky
16ba2f70b5 os_int.h, os_port_micropython.h: Changes for esp8266 compatibility. 2017-06-11 00:07:18 +03:00
Paul Sokolovsky
aedf52b991 upyconfig: Enable server support. 2017-06-11 00:07:18 +03:00
Paul Sokolovsky
7f55429c02 upyconfig.client: Client-only config. 2017-06-11 00:07:18 +03:00
Paul Sokolovsky
f881758e7c os_port_micropython.h: Add ifdef'ed POSIX defines to ease testing. 2017-06-11 00:07:18 +03:00
Paul Sokolovsky
5d9fba8bb2 tls1_svr.c: CONFIG_SSL_ENABLE_SERVER 2017-06-11 00:07:18 +03:00
Paul Sokolovsky
53dcd04bda tls1.c: CONFIG_SSL_ENABLE_SERVER 2017-06-11 00:07:18 +03:00
Paul Sokolovsky
4557c27d45 crypto_misc.h: Don't ifdef declarations. 2017-06-11 00:07:18 +03:00
Paul Sokolovsky
49128c4472 tls1_svr.c: CONFIG_SSL_DIAGNOSTICS 2017-06-11 00:07:17 +03:00
Paul Sokolovsky
f0413e1cec tls1_clnt.c: CONFIG_SSL_DIAGNOSTICS 2017-06-11 00:07:17 +03:00
Paul Sokolovsky
60a5c1ca27 tls1.c: CONFIG_SSL_DIAGNOSTICS 2017-06-11 00:07:17 +03:00
Paul Sokolovsky
2749777731 loader.c: CONFIG_SSL_ENABLE_SERVER 2017-06-11 00:07:17 +03:00
Paul Sokolovsky
4cc7c800e3 ssl/Config.in: Add explicit CONFIG_SSL_ENABLE_SERVER. 2017-06-11 00:07:17 +03:00
Paul Sokolovsky
a6f648e35f crypto/crypto_misc: Add tentative random generation for esp8266. 2017-06-11 00:07:17 +03:00
Paul Sokolovsky
9ac4b4a314 Add namespace prefix to hmac_md5/hmac_sha1 functions. 
These are pretty common names and can easily clash with other libraries.
At least, add "ssl_" prefix, as many other axTLS functions have.
 2017-06-11 00:07:17 +03:00
Paul Sokolovsky
4c6d3d3c5e Add .gitignore . 2017-06-11 00:07:17 +03:00
Paul Sokolovsky
770c75c101 Add config for MicroPython build. 2017-06-11 00:07:17 +03:00
Paul Sokolovsky
e61d795f63 En-masse other changes to minimize size and make embeddable into uPy. 2017-06-11 00:07:17 +03:00
Paul Sokolovsky
ca5af256ad os_port, tls1: Let port decide whether POSIX-style select() will be used. 
POSIX-style select() is unlikely a good fit for embedded socket
implementation. It actually needed only for non-blocking sockets,
so let ports just be able to skip it. Going forward, this need
to be refactored into direct-purpose function to wait for socket
to be writable to be implemented per port.
 2017-06-11 00:07:17 +03:00
Paul Sokolovsky
f42739973c tls1: Abstract away getting last errno for a socket operation. 
For usage with embedded ports where socket library may have other way to
pass errors rather than via C errno variable.
 2017-06-11 00:07:17 +03:00
Paul Sokolovsky
db38e20282 hmac: hmac_md5(): Use single padding buffer. 
Saves 64 bytes of stack space.
 2017-06-11 00:07:17 +03:00
Paul Sokolovsky
c7e085a63e hmac: hmac_sha1(): Use single padding buffer. 
Saves 64 bytes of stack space.
 2017-06-11 00:07:17 +03:00
Paul Sokolovsky
7cb4145b66 md5: Optimize for size. 
Original version is 2528 bytes for x86, optimized - 1208.
 2017-06-11 00:07:17 +03:00
cameronrich
4315d76a67 Use <stdbool.h> for bools. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@275 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2017-02-18 21:21:06 +00:00
cameronrich
8073d379d2 * Basic constraint/key usage v3 extensions now supported 
* Test harness must now be run without built-in default cert

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@274 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-12-30 21:59:50 +00:00
cameronrich
d19bcf5257 * Basic constraint functionality added. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@273 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-12-28 19:43:52 +00:00
cameronrich
384241ebcd * X509 State, country and location are now used for verification and display. 
* SNI hostname memory is now managed by the calling application
* X509 version number is checked before processing v3 extensions.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@272 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-12-19 20:20:01 +00:00
cameronrich
df8e0afecf * SNI added 
* Some non-C sample code updated.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@271 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-12-12 19:27:38 +00:00
cameronrich
3805b7c2b9 * RC4 only used if PKCS12 is used. 
* Buffer sizes tightned up.
* Buffer check on client handshake due to some incompatibilities.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@270 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-08-30 10:26:04 +00:00
cameronrich
57b95e6e05 * Put back TLS 1.0. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@268 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-08-17 10:42:49 +00:00
cameronrich
ee9f17bd6a * Tightened up the buffer sizes 
* Removed support for TLS1.0.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@267 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-08-16 07:13:15 +00:00
cameronrich
1017d8a5cc TLS 1.2 now passing a bunch of tests. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@266 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-08-15 10:51:02 +00:00
cameronrich
294159d75e Server side v1.2 is basically working 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@265 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-08-11 10:04:13 +00:00
cameronrich
10f359add6 Client side works with a certificate verify - still lots of work to go. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@264 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-08-09 07:15:32 +00:00
cameronrich
e23d6c390c * Initial crack at TLS 1.2 client side only (server side is seriously broken). 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@263 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-07-27 11:05:09 +00:00
cameronrich
287ed7dc14 Cleaned up alerts as per TLS v1.2 spec (7.2.2) 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@262 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-07-21 19:26:45 +00:00
cameronrich
9daa8bcd30 * Backed out code where close notify from other side closed the socket and ssl session. This needs to be done by the application. 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@261 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
 2016-07-19 20:44:20 +00:00