Merge branch 'cherry-pick-e8360fe0-2' into 'release/v4.1'
wpa_supplicant: clean tls client state machine (backport v4.1) See merge request espressif/esp-idf!15038
commit
05f5998b98
@ -121,6 +121,10 @@ static int tls_mbedtls_read(void *ctx, unsigned char *buf, size_t len)
|
|||||||
struct wpabuf *local_buf;
|
struct wpabuf *local_buf;
|
||||||
size_t data_len = len;
|
size_t data_len = len;
|
||||||
|
|
||||||
|
if (data->in_data == NULL) {
|
||||||
|
return MBEDTLS_ERR_SSL_WANT_READ;
|
||||||
|
}
|
||||||
|
|
||||||
if (len > wpabuf_len(data->in_data)) {
|
if (len > wpabuf_len(data->in_data)) {
|
||||||
wpa_printf(MSG_ERROR, "don't have suffient data\n");
|
wpa_printf(MSG_ERROR, "don't have suffient data\n");
|
||||||
data_len = wpabuf_len(data->in_data);
|
data_len = wpabuf_len(data->in_data);
|
||||||
@ -556,56 +560,26 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
|
|||||||
if (wpabuf_len(in_data)) {
|
if (wpabuf_len(in_data)) {
|
||||||
conn->tls_io_data.in_data = wpabuf_dup(in_data);
|
conn->tls_io_data.in_data = wpabuf_dup(in_data);
|
||||||
}
|
}
|
||||||
ret = mbedtls_ssl_handshake_step(&tls->ssl);
|
|
||||||
if (ret < 0) {
|
|
||||||
wpa_printf(MSG_ERROR, "%s:%d", __func__, __LINE__);
|
|
||||||
goto end;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Multiple reads */
|
/* Multiple reads */
|
||||||
while (conn->tls_io_data.in_data) {
|
while (tls->ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER) {
|
||||||
|
if (tls->ssl.state == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
|
||||||
|
/* Read random data before session completes, not present after handshake */
|
||||||
|
if (tls->ssl.handshake) {
|
||||||
|
os_memcpy(conn->randbytes, tls->ssl.handshake->randbytes,
|
||||||
|
TLS_RANDOM_LEN * 2);
|
||||||
|
}
|
||||||
|
}
|
||||||
ret = mbedtls_ssl_handshake_step(&tls->ssl);
|
ret = mbedtls_ssl_handshake_step(&tls->ssl);
|
||||||
|
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
if (ret < 0 && ret != MBEDTLS_ERR_SSL_WANT_READ) {
|
||||||
/* State machine just started, get client hello */
|
wpa_printf(MSG_INFO, "%s: ret is %d line:%d", __func__, ret, __LINE__);
|
||||||
if (tls->ssl.state == MBEDTLS_SSL_CLIENT_HELLO) {
|
|
||||||
ret = mbedtls_ssl_handshake_step(&tls->ssl);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (ret < 0) {
|
|
||||||
wpa_printf(MSG_ERROR, "%s:%d", __func__, __LINE__);
|
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Already read sever data till hello done */
|
|
||||||
if (tls->ssl.state == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
|
|
||||||
/* Read random data before session completes, not present after handshake */
|
|
||||||
if (tls->ssl.handshake) {
|
|
||||||
os_memcpy(conn->randbytes, tls->ssl.handshake->randbytes,
|
|
||||||
TLS_RANDOM_LEN * 2);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* trigger state machine multiple times to reach till finish */
|
|
||||||
while (tls->ssl.state <= MBEDTLS_SSL_CLIENT_FINISHED) {
|
|
||||||
ret = mbedtls_ssl_handshake_step(&tls->ssl);
|
|
||||||
if (ret < 0) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Trigger state machine till handshake is complete or error occures */
|
|
||||||
if (tls->ssl.state == MBEDTLS_SSL_FLUSH_BUFFERS) {
|
|
||||||
while (tls->ssl.state <= MBEDTLS_SSL_HANDSHAKE_OVER) {
|
|
||||||
ret = mbedtls_ssl_handshake_step(&tls->ssl);
|
|
||||||
if (ret < 0) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!conn->tls_io_data.out_data) {
|
if (!conn->tls_io_data.out_data) {
|
||||||
wpa_printf(MSG_INFO, "application data is null, adding one byte for ack");
|
wpa_printf(MSG_INFO, "application data is null, adding one byte for ack");
|
||||||
u8 *dummy = os_zalloc(1);
|
u8 *dummy = os_zalloc(1);
|
||||||
|
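Review bot: The post-loop test `if (ret < 0 && ret != MBEDTLS_ERR_SSL_WANT_READ)` now reads `ret` even when the new `while (tls->ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER)` loop body never executed (handshake already over on entry), whereas the removed code always made at least one `mbedtls_ssl_handshake_step()` call before that check; `ret` is declared outside this hunk, so unless it is initialized at its declaration this branches on an indeterminate value, and a `ret = 0;` immediately before the loop would remove the dependency either way. A second point is that the new error log `wpa_printf(MSG_INFO, "%s: ret is %d line:%d", ...)` sits on the fatal path (any negative result other than WANT_READ, which includes certificate-verification failures surfaced by `mbedtls_ssl_handshake_step()`) yet is emitted at `MSG_INFO`, while the removed code logged this at `MSG_ERROR`; keeping it at `MSG_ERROR`, e.g. `wpa_printf(MSG_ERROR, "%s: handshake failed, ret=%d", __func__, ret);`, preserves visibility of authentication failures. The enclosing function `tls_connection_handshake` starts before and ends after this hunk.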