summaryrefslogtreecommitdiff
path: root/lib/lwip
AgeCommit message (Collapse)Author
2025-03-11lwip: tls: warn when no CA exists amd log certificate validation errorsJerome Forissier
Using HTTPS without root (CA) certificates is a security issue. Print a warning in this case. Also, when certificate verification fail, print an additional message because "HTTP client error 4" is not very informative (4 is HTTPC_RESULT_ERR_CLOSED). Signed-off-by: Jerome Forissier <[email protected]> Reviewed-by: Ilias Apalodimas <[email protected]>
2025-03-11lwip: tls: enforce checking of server certificates based on CA availabilityJerome Forissier
Instead of relying on some build time configuration to determine if server certificates need to be checked against CA certificates, do it based on the availability of such certificates. If no CA is configured then no check can succeed; on the other hand if we have CA certs then we should not ignore them. It is always possible to remove the CA certs (via 'wget cacert 0 0') to force an HTTPS download that would fail certificate validation. Signed-off-by: Jerome Forissier <[email protected]> Reviewed-by: Ilias Apalodimas <[email protected]>
2025-02-12net: use strnstr() for lwip_strnstr()Heinrich Schuchardt
Using strstr() instead of strnstr() creates a security concern. Fixes: 1c41a7afaa15 ("net: lwip: build lwIP") Signed-off-by: Heinrich Schuchardt <[email protected]> Reviewed-by: Jerome Forissier <[email protected]> Reviewed-by: Ilias Apalodimas <[email protected]> Signed-off-by: Jerome Forissier <[email protected]>
2025-02-12net: lwip: tftp: fix find_option()Heinrich Schuchardt
Find_option() is used to retrieve the block size value in an option acknowledgment in response to a request containing a block size option according to RFC2348. The format of an OACK response is described in RFC2347 as +-------+---~~---+---+---~~---+---+---~~---+---+---~~---+---+ | opc | opt1 | 0 | value1 | 0 | optN | 0 | valueN | 0 | +-------+---~~---+---+---~~---+---+---~~---+---+---~~---+---+ The current implementation of find_option() only works if * blksize is the first option * lwip_strnstr() ignores the length parameter, i.e. is implemented via strstr() The OACK messages starts with 0x00 0x06. If 'blksize' is the first option, strstr() reports a match when the first parameter points to 0x06. Adding the string length of 'blksize' plus 2 to the location of the 0x06 byte points to the value. Find_option() would report a match for option 'blksize' if the response contained an option called 'foo_blksize_bar'. In this case find_option() would return 'bar' as the value string. If 'blksize' were the second option, find_option() would return a pointer to the second character of the value string. Furthermore find_option() does not detect if the value string is NUL terminated. This may lead to a buffer overrun. Provide an implementation that correctly steps from option to option. Fixes: 27d7ccda94fa ("net: lwip: tftp: add support of blksize option to client") Signed-off-by: Heinrich Schuchardt <[email protected]> Reviewed-by: Jerome Forissier <[email protected]> Tested-by: Jerome Forissier <[email protected]> (qemu_arm64_lwip) Signed-off-by: Jerome Forissier <[email protected]>
2024-12-06mbedtls: remove MBEDTLS_HAVE_TIMEIlias Apalodimas
When MbedTLS TLS features were added MBEDTLS_HAVE_TIME was defined as part of enabling https:// support. However that pointed to the wrong function which could crash if it received a NULL pointer. Looking closer that function is not really needed, as it only seems to increase the RNG entropy by using 4b of the current time and date. The reason that was enabled is that lwIP was unconditionally requiring it, although it's configurable and can be turned off. Since lwIP doesn't use that field anywhere else, make it conditional and disable it from our config. Fixes: commit a564f5094f62 ("mbedtls: Enable TLS 1.2 support") Reported-by: Heinrich Schuchardt <[email protected]> Signed-off-by: Ilias Apalodimas <[email protected]> Reviewed-by: Heinrich Schuchardt <[email protected]> Acked-by: Jerome Forissier <[email protected]>
2024-12-06net: disable MBEDTLS in SPLHeinrich Schuchardt
Building SPL fails with MBEDTLS enabled. Currently we don't need it there. Signed-off-by: Heinrich Schuchardt <[email protected]> Acked-by: Jerome Forissier <[email protected]>
2024-11-14lwip: fix code style issuesJerome Forissier
Fix various code style issues in the lwIP code. Reported-by: Tom Rini <[email protected]> Signed-off-by: Jerome Forissier <[email protected]> Acked-by: Ilias Apalodimas <[email protected]>
2024-11-12net: lwip: Add Support Server Name Indication supportJavier Tia
SNI, or Server Name Indication, is an addition to the TLS encryption protocol that enables a client device to specify the domain name it is trying to reach in the first step of the TLS handshake, preventing common name mismatch errors and not reaching to HTTPS server that enforce this condition. Since most of the websites require it nowadays add support for it. It's worth noting that this is already sent to lwIP [0] [0] https://github.com/lwip-tcpip/lwip/pull/47 Signed-off-by: Javier Tia <[email protected]> Reviewed-by: Jerome Forissier <[email protected]> Signed-off-by: Ilias Apalodimas <[email protected]>
2024-11-12net: lwip: Update lwIP for mbedTLS > 3.0 support and enable httpsJavier Tia
The current code support mbedTLS 2.28. Since we are using a newer version in U-Boot, update the necessary accessors and the lwIP codebase to work with mbedTLS 3.6.0. It's worth noting that the patches are already sent to lwIP [0] While at it enable LWIP_ALTCP_TLS and enable TLS support in lwIP [0] https://github.com/lwip-tcpip/lwip/pull/47 Signed-off-by: Javier Tia <[email protected]> Acked-by: Jerome Forissier <[email protected]> Signed-off-by: Ilias Apalodimas <[email protected]>
2024-10-16net: lwip: tftp: add support of blksize option to clientJerome Forissier
The TFTP protocol uses a default block size of 512 bytes. This value is sub-optimal for ethernet devices, which have a MTU (Maximum Transmission Unit) of 1500 bytes. When taking into acount the overhead of the IP and UDP layers, this leaves 1468 bytes for the TFTP payload. This patch introduces a new function: tftp_client_set_blksize() which may be used to change the block size from the default. It has to be called after tftp_client_init() and before tftp_get(). If the server does not support the option, the client will still accept to receive 512-byte blocks. Submitted upstream: https://savannah.nongnu.org/patch/index.php?10462 Signed-off-by: Jerome Forissier <[email protected]> Acked-by: Ilias Apalodimas <[email protected]>
2024-10-16net: lwip: tftp: bind to TFTP port only when in server modeJerome Forissier
The TFTP app should not bind to the TFTP server port when configured as a client. Instead, the local port should be chosen from the dynamic range (49152 ~ 65535) so that if the application is stopped and started again, the remote server will not consider the new packets as part of the same context (which would cause an error since a new RRQ would be unexpected). Submitted upstream: https://savannah.nongnu.org/patch/?10480 Signed-off-by: Jerome Forissier <[email protected]> Reviewed-by: Ilias Apalodimas <[email protected]>
2024-10-16net: lwip: build lwIPJerome Forissier
Build the lwIP library when NET_LWIP is enabled. The following files are adaptation layers written specially for U-Boot: lib/lwip/u-boot/arch/cc.h lib/lwip/u-boot/arch/sys_arch.h (empty) lib/lwip/u-boot/limits.h (empty) lib/lwip/u-boot/lwipopts.h They were initially contributed by Maxim in a previous RFC patch series. The lwIP stack needs to be added as a Git subtree with the following command: $ git subtree add --squash --prefix lib/lwip/lwip \ https://github.com/lwip-tcpip/lwip.git STABLE-2_2_0_RELEASE Signed-off-by: Jerome Forissier <[email protected]> Co-developed-by: Maxim Uvarov <[email protected]> Cc: Maxim Uvarov <[email protected]> Acked-by: Ilias Apalodimas <[email protected]>
2024-10-16Merge commit 'f3f86fd1fe0fb288356bff78f8a6fa2edf89e3fc' as 'lib/lwip/lwip'Tom Rini