abc/lwip
1
0
Fork 0
mirror of https://git.savannah.nongnu.org/git/lwip.git synced 2025-08-03 21:14:40 +08:00
Code Issues Packages Projects Releases Wiki Activity
6,713 Commits 4 Branches 51 Tags
Commit Graph

59 Commits

Author SHA1 Message Date
0x1abin
63d21c53e5 altcp mbedtls: Compile error fix. 2021-12-07 00:47:05 +01:00
Erik Ekman
b5618c51ca altcp: Fix memory leak in altcp_tls_free_config 
Reported in bug #59032 by Ondrej Lufinka,
fix suggested by David GIRAULT.
 2021-01-13 22:19:47 +01:00
Simon Goldschmidt
34352e9649 altcp: mbedtls: no need for SYS_ARCH locking 2020-03-05 21:48:08 +01:00
Simon Goldschmidt
33f2b313c7 altcp: mbedtls: coding style fixes 2020-03-05 21:45:20 +01:00
Simon Goldschmidt
87618e2f2a Revert "altcp_tls_mbedtls: ensure configuration is properly freed" 
This reverts commit d84a84e5ca8e8b4b86f2788d4ea77f41508c1a9a.

This commit seemed to be merged in an invalid order
 2020-03-05 21:40:23 +01:00
Simon Goldschmidt
21cde5dc9e altcp: mbedtls: fix compiling altcp_mbedtls_lower_sent() 2020-03-05 21:36:59 +01:00
jona
d6a6b661d9 Fix typos using codespell 
Conservative strategy was used, maybe other typos remain.

Rebased: Simon Goldschmidt <goldsimon@gmx.de>
 2020-02-15 21:45:41 +01:00
David Girault
2be031e238 altcp_tls: ensure no memory leaks and entropy counter is protected 2019-12-11 21:22:42 +01:00
David Girault
dc7ba26e69 altcp_tls: use ERR_CLSD only for handshake error 
This allow better handling of handshake error in application.
 2019-12-11 21:22:42 +01:00
David Girault
316dbc792f altcp_tls: call the application sent() callback with usefull len 
First calculate and sum TLS overhead when altcp_mbedtls_write() is called.
Then take care of it when calling application sent callback. Give reveived
len from inner_conn, minus calculated overhead.
 2019-12-11 21:22:41 +01:00
David Girault
f97dacd014 altcp_tls: support for saving/restoring session information 
According to mbedTLS source code and documentation, calls to
`mbedtls_ssl_conf_session_cache` and `mbedtls_ssl_conf_session_tickets_cb`
are only available if mbedTLS is configured for server mode (ie. MBEDTLS_SSL_SRV_C
is defined). This cannot be used on client mode to resume a previous session.

To allow session reuse in client mode, application must save session parameters
(including tickets provided by the server if any) after successfull connection
and restore them before attemting to reconnect. Since `alctp_close()` free the
structure, it cannot be used to store the required information.

So, two new API were added, directly wrapped to mbedTLS functions, allow application
to do that by itself.

Also added full declaration of `struct altcp_tls_session` in altcp_tls.h to allow
easier usage in application when using mbedTLS port.
 2019-12-11 21:22:41 +01:00
David Girault
d84a84e5ca altcp_tls_mbedtls: ensure configuration is properly freed 2019-12-11 21:22:41 +01:00
Simon Goldschmidt
6b3ed88d9c ALTCP_TLS_MBEDTLS: include mbedtls/net_sockets.h instead of deprecated mbedtls/net.h 
See patch #9815

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
 2019-07-26 20:29:27 +02:00
Giuseppe Modugno
832490eec8 Added the configuration option ALTCP_MBEDTLS_AUTHMODE to set the certificate verification mode. 
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
 2019-06-11 21:15:45 +02:00
Dirk Ziegelmeier
3d7ff53070 Apply patch for bug #56098: Support for MQTT over TLS port 443 instead of 8883 2019-04-30 13:22:09 +02:00
David Girault
3cb6ae7770 altcp_tls: assert in altcp_mbedtls_bio_recv if bad state 2019-01-30 17:42:52 +01:00
David Girault
b04d8a6a6c altcp: support for setting keepalive parameters 2019-01-30 17:42:46 +01:00
David Girault
b298afabdc altcp_tls_mbedtls: remove entropy/ctr_drbg from altcp_tls_config struct 
Use only one entropy/ctr_drbg context for all altcp_tls_config structure allocated.

(Small adjustments before committing: fix coding style, adapt to changes in master)
 2019-01-30 17:42:39 +01:00
Dirk Ziegelmeier
ea14b774c8 Replace several occurences of stdint types by lwIPs portability typedefs 
Fixes bug #55405: Usage of uint8_t instead of ui8_t in TCP code
 2019-01-06 21:19:04 +01:00
Simon Goldschmidt
282389a332 altcp_tls_mbedtls: listen: free members of the ssl context 
The ssl context is not used on listening pcbs. This includes freeing
input/output buffers, so saves ~32KByte by default.
 2018-12-03 07:14:02 +01:00
Simon Goldschmidt
3f583a1757 altcp_tls: add functions to create servers with multiple certificates 2018-11-24 13:41:34 +01:00
Simon Goldschmidt
6f232b7c3f altcp_tls_mbedtls: add session tickes, improve configuration for session cache 2018-11-23 22:39:58 +01:00
Simon Goldschmidt
54448559bb altcp_tls_mbedtls: add debug output of mbedtls library 2018-11-23 22:25:21 +01:00
Simon Goldschmidt
153c295b6f altcp_tls_mbedtls: use mbedtls_entropy_func for mbedtls_ctr_drbg_seed 
This is the default way for mbedTLS. Add entropy sources via defines (see
mbedtls_entropy_init).

This removes the use of ALTCP_MBEDTLS_RNG_FN

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
 2018-11-06 21:28:45 +01:00
Simon Goldschmidt
fa37888da2 altcp_tls_mbedtls: update list of todos 
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
 2018-10-26 20:43:06 +02:00
David GIRAULT
6e994f9df2 bug #54744: if altcp_close() called from recv() callback, there is some write to freed memory 
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
 2018-10-26 19:56:54 +02:00
Dirk Ziegelmeier
06cc825431 Whitespace cleanup lwIP 2018-10-22 20:53:58 +02:00
Simon Goldschmidt
a044c807f8 altcp_tls: rename altcp_tls_new -> altcp_tls_wrap, add altcp_tls_new 
The new altcp_tls_new() is a type safe version of altcp_tls_alloc()

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
 2018-09-24 22:29:54 +02:00
Simon Goldschmidt
fc24d4139f altcp_tls_mbedtls: convert #error on too small TCP_WND to warning 
Many TLS use cases are OK with a small TCP_WND, so don't prevent these
by having a preprocessor check that cannot be disabled.
 2018-09-12 22:24:05 +02:00
Simon Goldschmidt
7749088a83 Fix 2way-auth connections for TLS clients 
TLS clients that need 2-way authentication (e.g. Amazon AWS IoT cloud mqtt)
need to pass a certificate and private key when creating the tls altcp_pcb.

Added a new function altcp_tls_create_config_client_2wayauth() for this that
replaces altcp_tls_create_config_client() for such clients.

See bug #54601.
 2018-09-07 20:59:31 +02:00
Axel Lin
a56e61c942 Fix compiling with LWIP_NOASSERT defined 
Signed-off-by: Axel Lin <axel.lin@ingics.com>
 2018-06-24 18:18:35 +08:00
goldsimon
325cdf3c0b altcp_tls_mbedtls: restructure upper callbacks to prevent double-free 
This fixes bug #53192: use-after-free in altcp_mbedtls

Signed-off-by: goldsimon <goldsimon@gmx.de>
 2018-02-21 14:20:34 +01:00
goldsimon
d66c0e3381 altcp: mbedtls: move freeing state->rx from close to dealloc (catch-all) 2018-02-20 22:12:11 +01:00
goldsimon
2648d30843 altcp_tls_mbedtls.c: tiny function rename 2018-02-16 13:57:38 +01:00
goldsimon
de68c5bed6 altcp_mbedtls_sndbuf: use mbedtls_ssl_get_record_expansion() 2018-01-25 13:15:49 +01:00
goldsimon
8a27408eb2 altcp_tls_mbedtls: hide allocation strategy in altcp_tls_create_config() 2018-01-16 21:41:44 +01:00
David Girault
42f14a96fb altcp_tls: avoid use of static in altcp_tls_config 
cert and pkey are allocated with the altcp_tls_config structure.

Signed-off-by: goldsimon <goldsimon@gmx.de>
 2018-01-16 21:03:43 +01:00
David Girault
c7106cc57f altcp_tls: fix pbuf leaked when handshake failed 
Signed-off-by: goldsimon <goldsimon@gmx.de>
 2018-01-16 20:56:15 +01:00
David Girault
6ccd12b97c altcp_mbedtls: added altcp_mbedtls_sndbuf implementation 
Signed-off-by: goldsimon <goldsimon@gmx.de>
 2018-01-11 10:34:55 +01:00
David Girault
5290eacf08 altcp_mbedtls: close and error related fixes 
- call conn->err() instead of conn->recv() if handshake fail and free conn
- close inner_conn and free current conn in altcp_mbedtls_close()

Signed-off-by: goldsimon <goldsimon@gmx.de>
 2017-11-15 21:58:12 +01:00
goldsimon
bd2e820829 Fix double-free when closing mbedTLS connections 
Partly revert commit 0486100a2bcbce74a7214ee4f11782a9441acbf0 from 07.08.2017 as it breaks layering: every layer must free its own altcp_pcb. Freeing the inner_conn is not the right way.
 2017-11-14 22:21:08 +01:00
Dirk Ziegelmeier
c35b1099a4 Reformat altcp_tls_mbedtls* using astylerc 2017-09-17 17:52:44 +02:00
goldsimon
991f751305 Even more pbuf_header -> pbuf_add/remove_header replacements (also in strings) 2017-08-08 20:51:57 +02:00
goldsimon
07434aa73a More pbuf_header -> pbuf_add/remove_header replacements 2017-08-08 20:40:26 +02:00
goldsimon
6d28e9de79 Some cleanups after applying David Girault's altcp patches 2017-08-08 12:59:49 +02:00
David Girault
bc3edfb4d7 altcp_tls_mbedtls: remove "rx pbufs left at end of handshake" assert 
There is case where a close notify come right after the handshake and is in the same pbuf!
So just handle these data like any other data.
 2017-08-08 12:59:48 +02:00
David Girault
0486100a2b altcp_tls: some fixes 
- added `altcp_tls_free_config()`.
- added `altcp_tls_context()` function to allow mbedtls parameter tweak.

  Since state structure isn't exported, this allow application to get
  internal context (port dependent) to tweak it.

- free altcp_pcb when lower error callback called.
 2017-08-08 12:59:47 +02:00
David Girault
8b1a4ef711 altcp_tls_mbedtls: fix log messages by include a \n 2017-08-08 12:59:44 +02:00
goldsimon
44f7a3cb0d work on -Wconversion... 2017-07-05 22:31:58 +02:00
Dirk Ziegelmeier
6559ffd848 Fix C++ style comment in altcp_tls_mbedtls.c 2017-03-31 13:05:04 +02:00