alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'bugfix/eap_client_windows' into 'master'

Browse Source 
wpa_supplicant: clean tls client state machine

Closes IDFGH-5702, IDFGH-5662, and IDFGH-119

Closes https://github.com/espressif/esp-idf/issues/7422
Closes https://github.com/espressif/esp-idf/issues/1297

See merge request espressif/esp-idf!14968

(cherry picked from commit e8360fe075)

d3a42d78 wpa_supplicant: clean tls client state machine
This commit is contained in:
Kapil Gupta 2021-08-31 19:06:35 +00:00
parent 1e309a3885
commit 789a7e5e5a
1 changed files with 15 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
components/wpa_supplicant/src/crypto/tls_mbedtls.c
View File

@ -121,6 +121,10 @@ static int tls_mbedtls_read(void *ctx, unsigned char *buf, size_t len)
struct wpabuf *local_buf;
size_t data_len = len;
if (data->in_data == NULL) {
return MBEDTLS_ERR_SSL_WANT_READ;
}
if (len > wpabuf_len(data->in_data)) {
wpa_printf(MSG_ERROR, "don't have suffient data\n");
data_len = wpabuf_len(data->in_data);
@ -556,56 +560,26 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
if (wpabuf_len(in_data)) {
conn->tls_io_data.in_data = wpabuf_dup(in_data);
}
ret = mbedtls_ssl_handshake_step(&tls->ssl);
if (ret < 0) {
wpa_printf(MSG_ERROR, "%s:%d", __func__, __LINE__);
goto end;
}
/* Multiple reads */
while (conn->tls_io_data.in_data) {
while (tls->ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER) {
if (tls->ssl.state == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
/* Read random data before session completes, not present after handshake */
if (tls->ssl.handshake) {
os_memcpy(conn->randbytes, tls->ssl.handshake->randbytes,
TLS_RANDOM_LEN * 2);
}
}
ret = mbedtls_ssl_handshake_step(&tls->ssl);
if (ret < 0)
break;
}
/* State machine just started, get client hello */
if (tls->ssl.state == MBEDTLS_SSL_CLIENT_HELLO) {
ret = mbedtls_ssl_handshake_step(&tls->ssl);
}
if (ret < 0) {
wpa_printf(MSG_ERROR, "%s:%d", __func__, __LINE__);
if (ret < 0 && ret != MBEDTLS_ERR_SSL_WANT_READ) {
wpa_printf(MSG_INFO, "%s: ret is %d line:%d", __func__, ret, __LINE__);
goto end;
}
/* Already read sever data till hello done */
if (tls->ssl.state == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
/* Read random data before session completes, not present after handshake */
if (tls->ssl.handshake) {
os_memcpy(conn->randbytes, tls->ssl.handshake->randbytes,
TLS_RANDOM_LEN * 2);
}
/* trigger state machine multiple times to reach till finish */
while (tls->ssl.state <= MBEDTLS_SSL_CLIENT_FINISHED) {
ret = mbedtls_ssl_handshake_step(&tls->ssl);
if (ret < 0) {
break;
}
}
}
/* Trigger state machine till handshake is complete or error occures */
if (tls->ssl.state == MBEDTLS_SSL_FLUSH_BUFFERS) {
while (tls->ssl.state <= MBEDTLS_SSL_HANDSHAKE_OVER) {
ret = mbedtls_ssl_handshake_step(&tls->ssl);
if (ret < 0) {
break;
}
}
}
if (!conn->tls_io_data.out_data) {
wpa_printf(MSG_INFO, "application data is null, adding one byte for ack");
u8 *dummy = os_zalloc(1);