42 Commits

Author SHA1 Message Date
Simon Goldschmidt
ff14bbb3c1 altcp_tls_mbedtls: listen: free members of the ssl context
The ssl context is not used on listening pcbs. This includes freeing
input/output buffers, so saves ~32KByte by default.

(cherry picked from commit 282389a3325d71e8c6ce7dbe1ceb3fd6875d9051)
2019-02-18 13:12:42 +01:00
Simon Goldschmidt
89be04ce7a altcp_tls: add functions to create servers with multiple certificates
(cherry picked from commit 3f583a17575f5180d767c9d9eaf5ef3a5aa21501)
2019-02-18 13:12:19 +01:00
Simon Goldschmidt
4b3c59e4cc altcp_tls_mbedtls: add session tickets, improve configuration for session cache
(cherry picked from commit 6f232b7c3f04e80465a9edb5805dbf90f58fb515)
2019-02-18 13:12:18 +01:00
Simon Goldschmidt
beeb300c18 altcp_tls_mbedtls: add debug output of mbedtls library
(cherry picked from commit 54448559bbbde6bec74eb41234ecfd0ab77cd74b)
2019-02-18 13:12:18 +01:00
Simon Goldschmidt
79732693f3 altcp_tls_mbedtls: use mbedtls_entropy_func for mbedtls_ctr_drbg_seed
This is the default way for mbedTLS. Add entropy sources via defines (see
mbedtls_entropy_init).

This removes the use of ALTCP_MBEDTLS_RNG_FN

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
(cherry picked from commit 153c295b6faa32697e8794039a69b84b0a9d0652)
2019-02-18 13:12:17 +01:00
Simon Goldschmidt
ef3d12c60e altcp_tls: whitespace cleanup 2019-02-18 13:11:27 +01:00
Simon Goldschmidt
608a2f9741 Revert "altcp_tls_mbedtls: implement mbedTLS debug output, comment fixes"
This reverts commit 422623a87b7fef4b29279a01752407acb47c8488.
2019-02-18 13:09:32 +01:00
Simon Goldschmidt
422623a87b altcp_tls_mbedtls: implement mbedTLS debug output, comment fixes 2018-11-08 20:48:31 +01:00
Simon Goldschmidt
f58324b576 altcp_tls_mbedtls: update list of todos
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2018-10-26 20:43:12 +02:00
David GIRAULT
205cd7c1f6 bug #54744: if altcp_close() is called from recv() callback, there is some write to freed memory
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
(cherry picked from commit 6e994f9df2da80cae1f88e7b771c4b803af0ce0d)
2018-10-26 19:59:33 +02:00
Simon Goldschmidt
a044c807f8 altcp_tls: rename altcp_tls_new -> altcp_tls_wrap, add altcp_tls_new
The new altcp_tls_new() is a type safe version of altcp_tls_alloc()

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2018-09-24 22:29:54 +02:00
Simon Goldschmidt
fc24d4139f altcp_tls_mbedtls: convert #error on too small TCP_WND to warning
Many TLS use cases are OK with a small TCP_WND, so don't prevent these
by having a preprocessor check that cannot be disabled.
2018-09-12 22:24:05 +02:00
Simon Goldschmidt
7749088a83 Fix 2way-auth connections for TLS clients
TLS clients that need 2-way authentication (e.g. Amazon AWS IoT cloud mqtt)
need to pass a certificate and private key when creating the tls altcp_pcb.

Added a new function altcp_tls_create_config_client_2wayauth() for this that
replaces altcp_tls_create_config_client() for such clients.

See bug #54601.
2018-09-07 20:59:31 +02:00
Axel Lin
a56e61c942 Fix compiling with LWIP_NOASSERT defined
Signed-off-by: Axel Lin <axel.lin@ingics.com>
2018-06-24 18:18:35 +08:00
goldsimon
325cdf3c0b altcp_tls_mbedtls: restructure upper callbacks to prevent double-free
This fixes bug #53192: use-after-free in altcp_mbedtls

Signed-off-by: goldsimon <goldsimon@gmx.de>
2018-02-21 14:20:34 +01:00
goldsimon
d66c0e3381 altcp: mbedtls: move freeing state->rx from close to dealloc (catch-all) 2018-02-20 22:12:11 +01:00
goldsimon
2648d30843 altcp_tls_mbedtls.c: tiny function rename 2018-02-16 13:57:38 +01:00
goldsimon
de68c5bed6 altcp_mbedtls_sndbuf: use mbedtls_ssl_get_record_expansion() 2018-01-25 13:15:49 +01:00
goldsimon
8a27408eb2 altcp_tls_mbedtls: hide allocation strategy in altcp_tls_create_config() 2018-01-16 21:41:44 +01:00
David Girault
42f14a96fb altcp_tls: avoid use of static in altcp_tls_config
cert and pkey are allocated with the altcp_tls_config structure.

Signed-off-by: goldsimon <goldsimon@gmx.de>
2018-01-16 21:03:43 +01:00
David Girault
c7106cc57f altcp_tls: fix pbuf leak when handshake fails
Signed-off-by: goldsimon <goldsimon@gmx.de>
2018-01-16 20:56:15 +01:00
David Girault
6ccd12b97c altcp_mbedtls: added altcp_mbedtls_sndbuf implementation
Signed-off-by: goldsimon <goldsimon@gmx.de>
2018-01-11 10:34:55 +01:00
David Girault
5290eacf08 altcp_mbedtls: close and error related fixes
- call conn->err() instead of conn->recv() if handshake fails and free conn
- close inner_conn and free current conn in altcp_mbedtls_close()

Signed-off-by: goldsimon <goldsimon@gmx.de>
2017-11-15 21:58:12 +01:00
goldsimon
bd2e820829 Fix double-free when closing mbedTLS connections
Partly revert commit 0486100a2bcbce74a7214ee4f11782a9441acbf0 from 07.08.2017 as it breaks layering: every layer must free its own altcp_pcb. Freeing the inner_conn is not the right way.
2017-11-14 22:21:08 +01:00
Dirk Ziegelmeier
c35b1099a4 Reformat altcp_tls_mbedtls* using astylerc 2017-09-17 17:52:44 +02:00
goldsimon
991f751305 Even more pbuf_header -> pbuf_add/remove_header replacements (also in strings) 2017-08-08 20:51:57 +02:00
goldsimon
07434aa73a More pbuf_header -> pbuf_add/remove_header replacements 2017-08-08 20:40:26 +02:00
goldsimon
6d28e9de79 Some cleanups after applying David Girault's altcp patches 2017-08-08 12:59:49 +02:00
David Girault
bc3edfb4d7 altcp_tls_mbedtls: remove "rx pbufs left at end of handshake" assert
There is a case where a close notify comes right after the handshake and is in the same pbuf!
So just handle this data like any other data.
2017-08-08 12:59:48 +02:00
David Girault
0486100a2b altcp_tls: some fixes
- added `altcp_tls_free_config()`.
- added `altcp_tls_context()` function to allow mbedtls parameter tweak.

  Since the state structure isn't exported, this allows the application to get
  the internal context (port dependent) to tweak it.

- free altcp_pcb when lower error callback called.
2017-08-08 12:59:47 +02:00
David Girault
8b1a4ef711 altcp_tls_mbedtls: fix log messages by including a \n 2017-08-08 12:59:44 +02:00
goldsimon
44f7a3cb0d work on -Wconversion... 2017-07-05 22:31:58 +02:00
Dirk Ziegelmeier
6559ffd848 Fix C++ style comment in altcp_tls_mbedtls.c 2017-03-31 13:05:04 +02:00
goldsimon
4313bf2a74 altcp_tls_mbedtls: fix TX when lower write returns ERR_MEM 2017-03-30 14:55:37 +02:00
goldsimon
51dbd1a7c0 altcp: added altcp_get_port() 2017-03-30 14:19:31 +02:00
Dirk Ziegelmeier
38651b8069 Cleanup #include structure of altcp_tls a bit
(as discussed with Simon today)
2017-03-28 20:31:25 +02:00
goldsimon
537c258efa httpd/altcp: add forgotten functions 2017-03-28 14:04:40 +02:00
goldsimon
425b2dda61 altcp_get_ip: added altcp_get_ip(), added default functions that only defer a call to the inner_conn (moved from tls_mbedtls to generic altcp) 2017-03-26 22:26:40 +02:00
goldsimon
6add16e36b altcp_tls_mbedtls: fixed memory leak introduced by delayed deallocation 2017-03-25 20:35:46 +01:00
goldsimon
0581a77731 Prepare altcp_tls_mbedtls for TLS clients (not fully tested yet) 2017-03-24 15:25:43 +01:00
goldsimon
a2bc02d682 altcp_tls_mbedtls: improve sent/recved handling 2017-03-23 22:04:36 +01:00
goldsimon
1e26652d2e renamed altcp_mbedtls files to altcp_tls_mbedtls 2017-03-23 08:34:02 +01:00