Skip to content

Add BearSSL client and server, support true bidir, lower memory, modern SSL #4273

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
earlephilhower merged 28 commits into from
May 15, 2018
Merged

Add BearSSL client and server, support true bidir, lower memory, modern SSL #4273

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
9c519a0
Add BearSSL as SSL/TLS provider to ESP8266-Arduino
earlephilhower Feb 1, 2018
fb44b74
Fix crash due to chaange in WiFiClient
earlephilhower Mar 25, 2018
8f6f5df
Merge branch 'master' into bearssl_wip
d-a-v Mar 27, 2018
71b003f
Pull latest bearssl, save 160 bytes
earlephilhower Mar 27, 2018
c9c560e
Merge branch 'master' of https://github.com/esp8266/Arduino into bear…
earlephilhower Mar 28, 2018
c91995c
Use String instead of fixed char[] for SD paths
earlephilhower Mar 30, 2018
c34f564
Merge branch 'master' into bearssl_wip
earlephilhower Apr 2, 2018
2c31676
Attempt platformIO build fix for SD libs
earlephilhower Apr 2, 2018
a6f0042
More PIO build attempts
earlephilhower Apr 2, 2018
5ec2865
Merge branch 'master' into bearssl_wip
earlephilhower Apr 2, 2018
67afc48
Move axTLS code to a separate namespace
earlephilhower Apr 8, 2018
d2412d9
Move BearSSL to its own namespace, too
earlephilhower Apr 8, 2018
65103cf
BearSSL class renamed to standard Client/ServerSecure
earlephilhower Apr 8, 2018
9987019
Make BearSSLServer source compatible with axTLS code
earlephilhower Apr 8, 2018
d317be2
Add axTLS compatible wrappers to BearSSL Client
earlephilhower Apr 8, 2018
35ccf94
Update examples to hardcode BearSSL namespace
earlephilhower Apr 8, 2018
50e780a
Migrate ESP8266WebServerBearSSL to ServerSecure
earlephilhower Apr 8, 2018
6261b79
Merge branch 'master' into bearssl_wip
earlephilhower Apr 8, 2018
bac5c9c
Fix linker script to place bearssl in flash
earlephilhower Apr 8, 2018
6c94e92
Update per code review, remove old dead #if code
earlephilhower Apr 11, 2018
df612f6
Add EC public key parsing support
earlephilhower Apr 11, 2018
fc2aad0
Merge branch 'master' into bearssl_wip
devyte Apr 11, 2018
a064caa
Merge branch 'master' into bearssl_wip
earlephilhower Apr 14, 2018
569bdda
Merge branch 'master' into bearssl_wip
devyte Apr 20, 2018
e8fbc98
Merge branch 'master' into bearssl_wip
earlephilhower Apr 21, 2018
16bcc45
Merge branch 'master' of https://github.com/esp8266/Arduino into bear…
earlephilhower Apr 23, 2018
af52cb4
Merge branch 'master' into bearssl_wip
d-a-v May 11, 2018
3c5a97c
Update BearSSL lib to upstream commit 77b18d97
earlephilhower May 14, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Use String instead of fixed char[] for SD paths 
CertStoreSD was assuming 64 bytes or less for entire SD card path for
DER files. As there is no hard limitation like this in the FAT FS, move
to a String to allow for unlimited lengths.
  • Loading branch information
@earlephilhower
earlephilhower committed Mar 30, 2018
commit c91995ca2baf4ffbf72ede31a0c7c48cb72179b1
22 changes: 8 additions & 14 deletions libraries/ESP8266WiFi/src/CertStoreSDBearSSL.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@
#include <SD.h>

CertStoreSDBearSSL::CertStoreSDBearSSL() : CertStoreBearSSL() {
path[0] = 0;
path = "";
}

CertStoreSDBearSSL::~CertStoreSDBearSSL() {
Expand Down Expand Up @@ -56,19 +56,15 @@ int CertStoreSDBearSSL::initCertStore(const char *subdir) {
int count = 0;

// We want path to have a leading slash and a trailing one
String cleaned(subdir);
if (cleaned[0] != '/') {
cleaned = "/" + cleaned;
path = subdir;
if (path[0] != '/') {
path = "/" + path;
}
if (!cleaned.endsWith("/")) {
cleaned = cleaned + "/";
if (!path.endsWith("/")) {
path += "/";
}
strncpy(path, cleaned.c_str(), sizeof(path));
path[sizeof(path) - 1] = 0;

char tblName[64];
snprintf(tblName, sizeof(tblName), "%sca_tbl.bin", path);
tblName[sizeof(tblName) - 1] = 0;
String tblName = path + "ca_tbl.bin";
Copy link
Member

@igrr igrr May 17, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is the name hardcoded?


File tbl = SD.open(tblName, FILE_WRITE);
if (!tbl) {
Expand Down Expand Up @@ -100,9 +96,7 @@ const br_x509_trust_anchor *CertStoreSDBearSSL::findHashedTA(void *ctx, void *ha
CertStoreSDBearSSL *cs = static_cast<CertStoreSDBearSSL*>(ctx);
CertInfo ci;

char tblName[64];
snprintf(tblName, sizeof(tblName), "%sca_tbl.bin", cs->path);
tblName[sizeof(tblName) - 1] = 0;
String tblName = cs->path + "ca_tbl.bin";

if (len != sizeof(ci.sha256) || !SD.exists(tblName)) {
return nullptr;
Expand Down
2 changes: 1 addition & 1 deletion libraries/ESP8266WiFi/src/CertStoreSDBearSSL.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ class CertStoreSDBearSSL : public CertStoreBearSSL {
virtual void installCertStore(br_x509_minimal_context *ctx) override;

private:
char path[64];
String path;
CertInfo preprocessCert(File *f);
// These need to be static as they are callbacks from BearSSL C code
static const br_x509_trust_anchor *findHashedTA(void *ctx, void *hashed_dn, size_t len);
Expand Down