arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-07-30 16:24:09 +03:00
Code Activity

* Put back TLS 1.0.

Browse Source 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@268 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
This commit is contained in:
cameronrich
2016-08-17 10:42:49 +00:00
committed by Yasuki Ikeuchi
parent f599ff830e
commit 29b478f3cf
3 changed files with 14 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
ssl/tls1.c
View File

@ -1145,6 +1145,7 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
increment_write_sequence(ssl); increment_write_sequence(ssl);
/* add the explicit IV for TLS1.1 */ /* add the explicit IV for TLS1.1 */
if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_1)
{ {
uint8_t iv_size = ssl->cipher_info->iv_size; uint8_t iv_size = ssl->cipher_info->iv_size;
uint8_t *t_buf = malloc(msg_length + iv_size); uint8_t *t_buf = malloc(msg_length + iv_size);
@ -1358,8 +1359,12 @@ int basic_read(SSL *ssl, uint8_t **in_data)
if (IS_SET_SSL_FLAG(SSL_RX_ENCRYPTED)) if (IS_SET_SSL_FLAG(SSL_RX_ENCRYPTED))
{ {
ssl->cipher_info->decrypt(ssl->decrypt_ctx, buf, buf, read_len); ssl->cipher_info->decrypt(ssl->decrypt_ctx, buf, buf, read_len);
buf += ssl->cipher_info->iv_size;
read_len -= ssl->cipher_info->iv_size; if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_1)
{
buf += ssl->cipher_info->iv_size;
read_len -= ssl->cipher_info->iv_size;
}
read_len = verify_digest(ssl, read_len = verify_digest(ssl,
is_client ? SSL_CLIENT_READ : SSL_SERVER_READ, buf, read_len); is_client ? SSL_CLIENT_READ : SSL_SERVER_READ, buf, read_len);

5
ssl/tls1.h
View File

@ -47,8 +47,9 @@ extern "C" {
#include "crypto.h" #include "crypto.h"
#include "crypto_misc.h" #include "crypto_misc.h"
#define SSL_PROTOCOL_MIN_VERSION 0x32 /* TLS v1.1 */ #define SSL_PROTOCOL_MIN_VERSION 0x31 /* TLS v1.0 */
#define SSL_PROTOCOL_VERSION_MAX 0x33 /* TLS v1.2 */ #define SSL_PROTOCOL_VERSION_MAX 0x33 /* TLS v1.3 */
#define SSL_PROTOCOL_VERSION_TLS1_1 0x32 /* TLS v1.1 */
#define SSL_PROTOCOL_VERSION_TLS1_2 0x33 /* TLS v1.2 */ #define SSL_PROTOCOL_VERSION_TLS1_2 0x33 /* TLS v1.2 */
#define SSL_RANDOM_SIZE 32 #define SSL_RANDOM_SIZE 32
#define SSL_SECRET_SIZE 48 #define SSL_SECRET_SIZE 48

5
ssl/x509.c
View File

@ -74,7 +74,9 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
int begin_tbs, end_tbs; int begin_tbs, end_tbs;
int ret = X509_NOT_OK, offset = 0, cert_size = 0; int ret = X509_NOT_OK, offset = 0, cert_size = 0;
X509_CTX *x509_ctx; X509_CTX *x509_ctx;
#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
BI_CTX *bi_ctx; BI_CTX *bi_ctx;
#endif
*ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX)); *ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX));
x509_ctx = *ctx; x509_ctx = *ctx;
@ -117,7 +119,6 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
goto end_cert; goto end_cert;
} }
bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
x509_ctx->fingerprint = malloc(SHA1_SIZE); x509_ctx->fingerprint = malloc(SHA1_SIZE);
SHA1_CTX sha_fp_ctx; SHA1_CTX sha_fp_ctx;
@ -126,6 +127,8 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
SHA1_Final(x509_ctx->fingerprint, &sha_fp_ctx); SHA1_Final(x509_ctx->fingerprint, &sha_fp_ctx);
#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */ #ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
/* use the appropriate signature algorithm */ /* use the appropriate signature algorithm */
switch (x509_ctx->sig_type) switch (x509_ctx->sig_type)
{ {