0x1abin
63d21c53e5
altcp mbedtls: Compile error fix.
2021-12-07 00:47:05 +01:00
Tom Collins
601e1bb326
altcp mbedtls: fix error in preprocessor logic setting ALTCP_MBEDTLS_PLATFORM_ALLOC
...
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2021-11-12 22:31:04 +01:00
Erik Ekman
b5618c51ca
altcp: Fix memory leak in altcp_tls_free_config
...
Reported in bug #59032 by Ondrej Lufinka,
fix suggested by David GIRAULT.
2021-01-13 22:19:47 +01:00
Simon Goldschmidt
34352e9649
altcp: mbedtls: no need for SYS_ARCH locking
2020-03-05 21:48:08 +01:00
Simon Goldschmidt
33f2b313c7
altcp: mbedtls: coding style fixes
2020-03-05 21:45:20 +01:00
Simon Goldschmidt
87618e2f2a
Revert "altcp_tls_mbedtls: ensure configuration is properly freed"
...
This reverts commit d84a84e5ca8e8b4b86f2788d4ea77f41508c1a9a.
This commit seemed to be merged in an invalid order
2020-03-05 21:40:23 +01:00
Simon Goldschmidt
21cde5dc9e
altcp: mbedtls: fix compiling altcp_mbedtls_lower_sent()
2020-03-05 21:36:59 +01:00
jona
d6a6b661d9
Fix typos using codespell
...
Conservative strategy was used, maybe other typos remain.
Rebased: Simon Goldschmidt <goldsimon@gmx.de>
2020-02-15 21:45:41 +01:00
David Girault
2be031e238
altcp_tls: ensure no memory leaks and entropy counter is protected
2019-12-11 21:22:42 +01:00
David Girault
dc7ba26e69
altcp_tls: use ERR_CLSD only for handshake error
...
This allows better handling of handshake error in application.
2019-12-11 21:22:42 +01:00
David Girault
316dbc792f
altcp_tls: call the application sent() callback with useful len
...
First calculate and sum TLS overhead when altcp_mbedtls_write() is called.
Then take care of it when calling application sent callback. Give received
len from inner_conn, minus calculated overhead.
2019-12-11 21:22:41 +01:00
David Girault
f97dacd014
altcp_tls: support for saving/restoring session information
...
According to mbedTLS source code and documentation, calls to
`mbedtls_ssl_conf_session_cache` and `mbedtls_ssl_conf_session_tickets_cb`
are only available if mbedTLS is configured for server mode (i.e. MBEDTLS_SSL_SRV_C
is defined). This cannot be used in client mode to resume a previous session.
To allow session reuse in client mode, the application must save session parameters
(including tickets provided by the server if any) after a successful connection
and restore them before attempting to reconnect. Since `altcp_close()` frees the
structure, it cannot be used to store the required information.
So, two new APIs were added, directly wrapped to mbedTLS functions, to allow the application
to do that by itself.
Also added full declaration of `struct altcp_tls_session` in altcp_tls.h to allow
easier usage in application when using mbedTLS port.
2019-12-11 21:22:41 +01:00
David Girault
d84a84e5ca
altcp_tls_mbedtls: ensure configuration is properly freed
2019-12-11 21:22:41 +01:00
Simon Goldschmidt
6b3ed88d9c
ALTCP_TLS_MBEDTLS: include mbedtls/net_sockets.h instead of deprecated mbedtls/net.h
...
See patch #9815
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2019-07-26 20:29:27 +02:00
Giuseppe Modugno
832490eec8
Added the configuration option ALTCP_MBEDTLS_AUTHMODE to set the certificate verification mode.
...
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2019-06-11 21:15:45 +02:00
Dirk Ziegelmeier
3d7ff53070
Apply patch for bug #56098 : Support for MQTT over TLS port 443 instead of 8883
2019-04-30 13:22:09 +02:00
David Girault
3cb6ae7770
altcp_tls: assert in altcp_mbedtls_bio_recv if bad state
2019-01-30 17:42:52 +01:00
David Girault
b04d8a6a6c
altcp: support for setting keepalive parameters
2019-01-30 17:42:46 +01:00
David Girault
b298afabdc
altcp_tls_mbedtls: remove entropy/ctr_drbg from altcp_tls_config struct
...
Use only one entropy/ctr_drbg context for all altcp_tls_config structure allocated.
(Small adjustments before committing: fix coding style, adapt to changes in master)
2019-01-30 17:42:39 +01:00
Dirk Ziegelmeier
ea14b774c8
Replace several occurrences of stdint types by lwIP's portability typedefs
...
Fixes bug #55405 : Usage of uint8_t instead of ui8_t in TCP code
2019-01-06 21:19:04 +01:00
Simon Goldschmidt
282389a332
altcp_tls_mbedtls: listen: free members of the ssl context
...
The ssl context is not used on listening pcbs. This includes freeing
input/output buffers, so saves ~32KByte by default.
2018-12-03 07:14:02 +01:00
Simon Goldschmidt
3f583a1757
altcp_tls: add functions to create servers with multiple certificates
2018-11-24 13:41:34 +01:00
Simon Goldschmidt
6f232b7c3f
altcp_tls_mbedtls: add session tickets, improve configuration for session cache
2018-11-23 22:39:58 +01:00
Simon Goldschmidt
54448559bb
altcp_tls_mbedtls: add debug output of mbedtls library
2018-11-23 22:25:21 +01:00
Simon Goldschmidt
153c295b6f
altcp_tls_mbedtls: use mbedtls_entropy_func for mbedtls_ctr_drbg_seed
...
This is the default way for mbedTLS. Add entropy sources via defines (see
mbedtls_entropy_init).
This removes the use of ALTCP_MBEDTLS_RNG_FN
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2018-11-06 21:28:45 +01:00
Simon Goldschmidt
fa37888da2
altcp_tls_mbedtls: update list of todos
...
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2018-10-26 20:43:06 +02:00
David GIRAULT
6e994f9df2
bug #54744 : if altcp_close() called from recv() callback, there is some write to freed memory
...
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2018-10-26 19:56:54 +02:00
Dirk Ziegelmeier
06cc825431
Whitespace cleanup lwIP
2018-10-22 20:53:58 +02:00
Simon Goldschmidt
a044c807f8
altcp_tls: rename altcp_tls_new -> altcp_tls_wrap, add altcp_tls_new
...
The new altcp_tls_new() is a type safe version of altcp_tls_alloc()
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2018-09-24 22:29:54 +02:00
Simon Goldschmidt
fc24d4139f
altcp_tls_mbedtls: convert #error on too small TCP_WND to warning
...
Many TLS use cases are OK with a small TCP_WND, so don't prevent these
by having a preprocessor check that cannot be disabled.
2018-09-12 22:24:05 +02:00
Simon Goldschmidt
7749088a83
Fix 2way-auth connections for TLS clients
...
TLS clients that need 2-way authentication (e.g. Amazon AWS IoT cloud mqtt)
need to pass a certificate and private key when creating the tls altcp_pcb.
Added a new function altcp_tls_create_config_client_2wayauth() for this that
replaces altcp_tls_create_config_client() for such clients.
See bug #54601 .
2018-09-07 20:59:31 +02:00
Axel Lin
a56e61c942
Fix compiling with LWIP_NOASSERT defined
...
Signed-off-by: Axel Lin <axel.lin@ingics.com>
2018-06-24 18:18:35 +08:00
goldsimon
325cdf3c0b
altcp_tls_mbedtls: restructure upper callbacks to prevent double-free
...
This fixes bug #53192 : use-after-free in altcp_mbedtls
Signed-off-by: goldsimon <goldsimon@gmx.de>
2018-02-21 14:20:34 +01:00
goldsimon
d66c0e3381
altcp: mbedtls: move freeing state->rx from close to dealloc (catch-all)
2018-02-20 22:12:11 +01:00
goldsimon
2648d30843
altcp_tls_mbedtls.c: tiny function rename
2018-02-16 13:57:38 +01:00
Axel Lin
5d5b8fbb46
Fix trivial copy & paste mistake for comment in header files
...
Signed-off-by: Axel Lin <axel.lin@ingics.com>
2018-02-14 22:49:12 +08:00
goldsimon
de68c5bed6
altcp_mbedtls_sndbuf: use mbedtls_ssl_get_record_expansion()
2018-01-25 13:15:49 +01:00
goldsimon
8a27408eb2
altcp_tls_mbedtls: hide allocation strategy in altcp_tls_create_config()
2018-01-16 21:41:44 +01:00
David Girault
42f14a96fb
altcp_tls: avoid use of static in altcp_tls_config
...
cert and pkey are allocated with the altcp_tls_config structure.
Signed-off-by: goldsimon <goldsimon@gmx.de>
2018-01-16 21:03:43 +01:00
David Girault
c7106cc57f
altcp_tls: fix pbuf leaked when handshake failed
...
Signed-off-by: goldsimon <goldsimon@gmx.de>
2018-01-16 20:56:15 +01:00
David Girault
6ccd12b97c
altcp_mbedtls: added altcp_mbedtls_sndbuf implementation
...
Signed-off-by: goldsimon <goldsimon@gmx.de>
2018-01-11 10:34:55 +01:00
Axel Lin
ec9f227eae
apps/altcp_tls: Remove redundant check for altcp_mbedtls_malloc_clear_stats
...
No need to check altcp_mbedtls_malloc_clear_stats twice.
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: goldsimon <goldsimon@gmx.de>
2017-12-05 06:35:44 +01:00
David Girault
5290eacf08
altcp_mbedtls: close and error related fixes
...
- call conn->err() instead of conn->recv() if handshake fails and free conn
- close inner_conn and free current conn in altcp_mbedtls_close()
Signed-off-by: goldsimon <goldsimon@gmx.de>
2017-11-15 21:58:12 +01:00
goldsimon
bd2e820829
Fix double-free when closing mbedTLS connections
...
Partly revert commit 0486100a2bcbce74a7214ee4f11782a9441acbf0 from 07.08.2017 as it breaks layering: every layer must free its own altcp_pcb. Freeing the inner_conn is not the right way.
2017-11-14 22:21:08 +01:00
Dirk Ziegelmeier
c35b1099a4
Reformat altcp_tls_mbedtls* using astylerc
2017-09-17 17:52:44 +02:00
goldsimon
991f751305
Even more pbuf_header -> pbuf_add/remove_header replacements (also in strings)
2017-08-08 20:51:57 +02:00
goldsimon
07434aa73a
More pbuf_header -> pbuf_add/remove_header replacements
2017-08-08 20:40:26 +02:00
goldsimon
6d28e9de79
Some cleanups after applying David Girault's altcp patches
2017-08-08 12:59:49 +02:00
David Girault
bc3edfb4d7
altcp_tls_mbedtls: remove "rx pbufs left at end of handshake" assert
...
There is a case where a close notify comes right after the handshake and is in the same pbuf!
So just handle these data like any other data.
2017-08-08 12:59:48 +02:00
David Girault
0486100a2b
altcp_tls: some fixes
...
- added `altcp_tls_free_config()`.
- added `altcp_tls_context()` function to allow mbedtls parameter tweak.
Since state structure isn't exported, this allows the application to get
internal context (port dependent) to tweak it.
- free altcp_pcb when lower error callback called.
2017-08-08 12:59:47 +02:00