Halaman utama Jelajahi Bantuan
Masuk
RT-Thread-packages
/
esp-idf
cermin dari https://github-proxy.rt-thread.io/RT-Thread-packages/esp-idf.git
2
0
Fork 0
Berkas Masalah 0 Wiki
Jelajahi Sumber

Merge branch 'cherry-pick-e8360fe0-4' into 'release/v4.3'

wpa_supplicant: clean tls client state machine (backport v4.3)

See merge request espressif/esp-idf!15040
Jiang Jiang Jian 4 tahun lalu
induk
2006d66aee c110c31957
melakukan
f83699a67f
1 mengubah file dengan 15 tambahan dan 41 penghapusan
Tampilan Split Tampilkan Statistik Diff
  1. 15 41
      components/wpa_supplicant/src/crypto/tls_mbedtls.c

+ 15 - 41
components/wpa_supplicant/src/crypto/tls_mbedtls.c
Tampilan Berkas 

@@ -121,6 +121,10 @@ static int tls_mbedtls_read(void *ctx, unsigned char *buf, size_t len)
 
 	struct wpabuf *local_buf;
 
 	size_t data_len = len;
 
 
+	if (data->in_data == NULL) {
 
+		return MBEDTLS_ERR_SSL_WANT_READ;
 
+	}
 
+
 
 	if (len > wpabuf_len(data->in_data)) {
 
 		wpa_printf(MSG_ERROR, "don't have suffient data\n");
 
 		data_len = wpabuf_len(data->in_data);
 
@@ -556,56 +560,26 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
 
 	if (wpabuf_len(in_data)) {
 
 		conn->tls_io_data.in_data = wpabuf_dup(in_data);
 
 	}
 
-	ret = mbedtls_ssl_handshake_step(&tls->ssl);
 
-	if (ret < 0) {
 
-		wpa_printf(MSG_ERROR, "%s:%d", __func__, __LINE__);
 
-		goto end;
 
-	}
 
 
 	/* Multiple reads */
 
-	while (conn->tls_io_data.in_data) {
 
+	while (tls->ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER) {
 
+		if (tls->ssl.state == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
 
+			/* Read random data before session completes, not present after handshake */
 
+			if (tls->ssl.handshake) {
 
+				os_memcpy(conn->randbytes, tls->ssl.handshake->randbytes,
 
+					  TLS_RANDOM_LEN * 2);
 
+			}
 
+		}
 
 		ret = mbedtls_ssl_handshake_step(&tls->ssl);
 
+
 
 		if (ret < 0)
 
 			break;
 
 	}
 
-
 
-	/* State machine just started, get client hello */
 
-	if (tls->ssl.state == MBEDTLS_SSL_CLIENT_HELLO) {
 
-		ret = mbedtls_ssl_handshake_step(&tls->ssl);
 
-	}
 
-
 
-	if (ret < 0) {
 
-		wpa_printf(MSG_ERROR, "%s:%d", __func__, __LINE__);
 
+	if (ret < 0 && ret != MBEDTLS_ERR_SSL_WANT_READ) {
 
+		wpa_printf(MSG_INFO, "%s: ret is %d line:%d", __func__, ret, __LINE__);
 
 		goto end;
 
 	}
 
 
-	/* Already read sever data till hello done */
 
-	if (tls->ssl.state == MBEDTLS_SSL_CLIENT_CERTIFICATE) {
 
-		/* Read random data before session completes, not present after handshake */
 
-		if (tls->ssl.handshake) {
 
-			os_memcpy(conn->randbytes, tls->ssl.handshake->randbytes,
 
-				  TLS_RANDOM_LEN * 2);
 
-		}
 
-
 
-		/* trigger state machine multiple times to reach till finish */
 
-		while (tls->ssl.state <= MBEDTLS_SSL_CLIENT_FINISHED) {
 
-			ret = mbedtls_ssl_handshake_step(&tls->ssl);
 
-			if (ret < 0) {
 
-				break;
 
-			}
 
-		}
 
-	}
 
-
 
-	/* Trigger state machine till handshake is complete or error occures */
 
-	if (tls->ssl.state == MBEDTLS_SSL_FLUSH_BUFFERS) {
 
-		while (tls->ssl.state <= MBEDTLS_SSL_HANDSHAKE_OVER) {
 
-			ret = mbedtls_ssl_handshake_step(&tls->ssl);
 
-			if (ret < 0) {
 
-				break;
 
-			}
 
-		}
 
-	}
 
-
 
 	if (!conn->tls_io_data.out_data) {
 
 		wpa_printf(MSG_INFO, "application data is null, adding one byte for ack");
 
 		u8 *dummy = os_zalloc(1);