mirror of https://github.com/esp8266/Arduino.git synced 2025-07-30 16:24:09 +03:00

Merge branch upstream into axtls-upgrade

Jens Mueller
2016-05-13 23:40:49 +02:00
21 changed files with 932 additions and 302 deletions


@ -323,7 +323,7 @@ int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
X509_CTX *cert = NULL;
int offset;
while (ssl_ctx->certs[i].buf && i < CONFIG_SSL_MAX_CERTS)
while (i < CONFIG_SSL_MAX_CERTS && ssl_ctx->certs[i].buf)
i++;
if (i == CONFIG_SSL_MAX_CERTS) /* too many certs */
@ -369,7 +369,7 @@ error:
*/
int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
{
int ret = SSL_OK; /* ignore errors for now */
int ret = X509_OK; /* ignore errors for now */
int i = 0;
CA_CERT_CTX *ca_cert_ctx;
@ -391,10 +391,10 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
"compile-time configuration required\n",
CONFIG_X509_MAX_CA_CERTS);
#endif
ret = X509_MAX_CERTS;
break;
}
/* ignore the return code */
if (x509_new(buf, &offset, &ca_cert_ctx->cert[i]) == X509_OK)
{
@ -1099,7 +1099,9 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
uint8_t iv_size = ssl->cipher_info->iv_size;
uint8_t *t_buf = malloc(msg_length + iv_size);
memcpy(t_buf + iv_size, ssl->bm_data, msg_length);
get_random(iv_size, t_buf);
if (get_random(iv_size, t_buf) < 0)
return SSL_NOT_OK;
msg_length += iv_size;
memcpy(ssl->bm_data, t_buf, msg_length);
free(t_buf);
@ -1376,25 +1378,26 @@ int basic_read(SSL *ssl, uint8_t **in_data)
goto error;
}
/* all encrypted from now on */
SET_SSL_FLAG(SSL_RX_ENCRYPTED);
if (set_key_block(ssl, 0) < 0)
{
ret = SSL_ERROR_INVALID_HANDSHAKE;
goto error;
}
/* all encrypted from now on */
SET_SSL_FLAG(SSL_RX_ENCRYPTED);
memset(ssl->read_sequence, 0, 8);
break;
case PT_APP_PROTOCOL_DATA:
if (in_data)
if (in_data && ssl->hs_status == SSL_OK)
{
*in_data = buf; /* point to the work buffer */
(*in_data)[read_len] = 0; /* null terminate just in case */
ret = read_len;
}
ret = read_len;
else
ret = SSL_ERROR_INVALID_PROT_MSG;
break;
case PT_ALERT_PROTOCOL:
@ -1502,10 +1505,14 @@ int send_change_cipher_spec(SSL *ssl)
{
int ret = send_packet(ssl, PT_CHANGE_CIPHER_SPEC,
g_chg_cipher_spec_pkt, sizeof(g_chg_cipher_spec_pkt));
SET_SSL_FLAG(SSL_TX_ENCRYPTED);
if (ret >= 0 && set_key_block(ssl, 1) < 0)
ret = SSL_ERROR_INVALID_HANDSHAKE;
if (ssl->cipher_info)
SET_SSL_FLAG(SSL_TX_ENCRYPTED);
if (ssl->cipher_info)
SET_SSL_FLAG(SSL_TX_ENCRYPTED);
memset(ssl->write_sequence, 0, 8);
return ret;
@ -2251,7 +2258,7 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code) {}
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
uint8_t *session_id, uint8_t sess_id_size)
{
printf(unsupported_str);
printf("%s", unsupported_str);
return NULL;
}
#endif
@ -2259,20 +2266,20 @@ EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
#if !defined(CONFIG_SSL_CERT_VERIFICATION)
EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
{
printf(unsupported_str);
printf("%s", unsupported_str);
return -1;
}
EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
{
printf(unsupported_str);
printf("%s", unsupported_str);
return NULL;
}
EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl, int index)
{
printf(unsupported_str);
printf("%s", unsupported_str);
return NULL;
}
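Review bot: In the send_packet hunk, the new early exit `return SSL_NOT_OK;` taken when get_random() fails returns without releasing `t_buf`, which is allocated with malloc two lines earlier, so each RNG failure leaks `msg_length + iv_size` bytes on the TLS send path. Free the buffer before returning, e.g. `if (get_random(iv_size, t_buf) < 0) { free(t_buf); return SSL_NOT_OK; }`. In the visible lines the malloc result is also passed to memcpy without a NULL check; that predates this change but is worth guarding in the same place. send_packet starts and ends outside the hunk, so any other cleanup its error paths need cannot be confirmed from here.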