ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fixed some bugs in HTTPS library

pull/23/head
francois.berder@arm.com 2013-08-07 14:38:07 +03:00 committed by Bogdan Marinescu
parent bd9a31095a
commit ffb2668411
7 changed files with 76 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
libraries/net/https/HTTPSClient.cpp
View File

@ -36,7 +36,7 @@ int HTTPSClient::connect(const char* host) {
return -1;
}
if(ssl_ctx_new(&_ssl_ctx, SSL_SERVER_VERIFY_LATER|SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES, SSL_DEFAULT_CLNT_SESS) != &_ssl_ctx)
if(ssl_ctx_new(&_ssl_ctx, SSL_SERVER_VERIFY_LATER, SSL_DEFAULT_CLNT_SESS) != &_ssl_ctx)
return -1;
_ssl.ssl_ctx = &_ssl_ctx;
@ -75,7 +75,7 @@ HTTPHeader HTTPSClient::get(char *request)
if((_sock_fd < 0) || !_is_connected)
return HTTPHeader();
sprintf(buf, "GET %s HTTP/1.1\r\nHost: %s:%d\r\n\r\n", request, _host.c_str(), get_port());
sprintf(buf, "GET %s HTTP/1.1\r\nHost: %s\r\n\r\n", request, _host.c_str());
printf("buf=%s\n", buf);
if(send(buf, strlen(buf)) != strlen(buf))
return HTTPHeader();
@ -87,9 +87,10 @@ HTTPHeader HTTPSClient::get(char *request)
HTTPHeader HTTPSClient::read_header()
{
_ssl.bm_read_index = 0;
_ssl.bm_index = 0;
HTTPHeader hdr;
read_line();
if(read_line())
return hdr;
int status;
@ -98,36 +99,37 @@ HTTPHeader HTTPSClient::read_header()
if(status == 200)
hdr._status = HTTP_OK;
printf("status=%d\n", status);
read_line();
if(read_line())
return hdr;
do
{
string name, value;
int ret = sscanf(buf, "%s:%s", name, value);
printf("sscanf return=%d\n", ret);
printf("name=%s\n", name);
printf("value=%s\n", value);
string tmp(buf);
std::size_t sep = tmp.find(':');
string name = tmp.substr(0, sep);
string value = tmp.substr(sep+2, tmp.size());
hdr._fields[name] = value;
read_line();
printf("strlen(buf)=%d\n", strlen(buf));
if(read_line())
return hdr;
}while(strlen(buf));
return hdr;
}
void HTTPSClient::read_line()
uint8_t HTTPSClient::read_line()
{
int index = 0;
do
{
if(ssl_read(&_ssl, (uint8_t*)(&buf[index]), 1))
if(ssl_read(&_ssl, (uint8_t*)(&buf[index]), 1) != 1)
{
// error
return 1;
}
}while(buf[index++] != '\n' && index < 255);
index++;
}while(buf[index-1] != '\r' && index < 256);
ssl_read(&_ssl, (uint8_t*)(&buf[index-1]), 1); // skip '\n'
buf[index-1] = '\0';
printf("line=%s\n", buf);
return 0;
}
// -1:error

2
libraries/net/https/HTTPSClient.h
View File

@ -44,7 +44,7 @@ private:
int send(char* data, int length);
void read_line();
uint8_t read_line();
HTTPHeader read_header();
bool _is_connected;

4
libraries/net/https/axTLS/crypto/rsa.c
View File

@ -250,16 +250,20 @@ int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len,
out_data[1] = 2;
get_random_NZ(num_pads_needed, &out_data[2]);
}
out_data[2+num_pads_needed] = 0;
memcpy(&out_data[3+num_pads_needed], in_data, in_len);
/* now encrypt it */
dat_bi = bi_import(ctx->bi_ctx, out_data, byte_size);
encrypt_bi = is_signing ? RSA_private(ctx, dat_bi) :
RSA_public(ctx, dat_bi);
bi_export(ctx->bi_ctx, encrypt_bi, out_data, byte_size);
/* save a few bytes of memory */
bi_clear_cache(ctx->bi_ctx);
return byte_size;
}

6
libraries/net/https/axTLS/ssl/loader.c
View File

@ -432,10 +432,10 @@ int load_key_certs(SSL_CTX *ssl_ctx)
else if (!(options & SSL_NO_DEFAULT_KEY))
{
#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
// static const /* saves a few more bytes */
// static const /* saves a few more bytes */
//#include "private_key.h"
// ssl_obj_memory_load(ssl_ctx, SSL_OBJ_RSA_KEY, default_private_key,
// default_private_key_len, NULL);
// ssl_obj_memory_load(ssl_ctx, SSL_OBJ_RSA_KEY, default_private_key,
// default_private_key_len, NULL);
#endif
}

2
libraries/net/https/axTLS/ssl/os_port.c
View File

@ -93,7 +93,7 @@ static void add_entry(void *x, size_t s, const char* f, const int l)
if(memory_buf[i] == -1)
{
if(enable)
printf("new ptr:%X, size:%d at %s:%d", x, s, f, l);
printf("new ptr:%X, size:%d at %s:%d\n", x, s, f, l);
memory_buf[i] = (int)(x);
memory_buf[i+1] = s;
return;

96
libraries/net/https/axTLS/ssl/tls1.c
View File

@ -229,10 +229,10 @@ EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx)
#endif
i = 0;
while (i < CONFIG_SSL_MAX_CERTS && ssl_ctx->certs[i].buf)
//while (i < CONFIG_SSL_MAX_CERTS && ssl_ctx->certs[i].buf)
{
free(ssl_ctx->certs[i].buf);
ssl_ctx->certs[i++].buf = NULL;
//free(ssl_ctx->certs[i].buf);
//ssl_ctx->certs[i++].buf = NULL;
}
#ifdef CONFIG_SSL_CERT_VERIFICATION
@ -351,8 +351,7 @@ int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
ssl_cert = &ssl_ctx->certs[i];
ssl_cert->size = len;
ssl_cert->buf = (uint8_t *)malloc(len);
memcpy(ssl_cert->buf, buf, len);
ssl_cert->buf = buf;
ssl_ctx->chain_length++;
len -= offset;
ret = SSL_OK; /* ok so far */
@ -553,6 +552,7 @@ SSL *ssl_new(SSL *ssl, int client_fd)
ssl->client_fd = 0;
ssl->flag = SSL_NEED_RECORD;
ssl->bm_data = ssl->bm_all_data + BM_RECORD_OFFSET;
ssl->bm_read_index = 0;
ssl->hs_status = SSL_NOT_OK; /* not connected */
#ifdef CONFIG_ENABLE_VERIFICATION
ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
@ -981,7 +981,14 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol)
}
}
fd_set wfds;
FD_ZERO(&wfds);
FD_SET(ssl->client_fd, &wfds);
/* block and wait for it */
if (lwip_select(FD_SETSIZE, NULL, &wfds, NULL, NULL) < 0)
return SSL_ERROR_CONN_LOST;
SET_SSL_FLAG(SSL_NEED_RECORD); /* reset for next time */
ssl->bm_index = 0;
@ -1186,6 +1193,7 @@ static int set_key_block(SSL *ssl, int is_write)
*/
int basic_read2(SSL *ssl, uint8_t *data, uint32_t length)
{
// printf("basic_read2\n");
if(data == NULL)
return -1;
@ -1193,6 +1201,7 @@ int basic_read2(SSL *ssl, uint8_t *data, uint32_t length)
do
{
//printf("before_lwip_select\n");
fd_set rfds;
FD_ZERO(&rfds);
FD_SET(ssl->client_fd, &rfds);
@ -1200,9 +1209,11 @@ int basic_read2(SSL *ssl, uint8_t *data, uint32_t length)
/* block and wait for it */
if (lwip_select(FD_SETSIZE, &rfds, NULL, NULL, NULL) < 0)
return SSL_ERROR_CONN_LOST;
// printf("after_lwip_select\n");
int read_len = SOCKET_READ(ssl->client_fd, &data[ret], length-ret);
// printf("read_len = %d\n", read_len);
if (read_len < 0)
{
@ -1270,17 +1281,11 @@ int read_record(SSL *ssl)
}
ssl->need_bytes = (record[3] << 8) + record[4];
printf("ssl->need_byte=%d\n", ssl->need_bytes);
/* do we violate the spec with the message size? */
if (ssl->need_bytes > 4*(RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET))
{
return SSL_ERROR_INVALID_PROT_MSG;
}
memcpy(ssl->hmac_header, record, 3); /* store for hmac */
ssl->record_type = record[0];
CLR_SSL_FLAG(SSL_NEED_RECORD);
ssl->bm_index = 0;
return SSL_OK;
}
@ -1316,11 +1321,12 @@ int ssl_read(SSL *ssl, uint8_t *in_data, int len)
{
if(len <= 0 || in_data == NULL)
return 0;
if(ssl->bm_index == 0)
if(IS_SET_SSL_FLAG(SSL_NEED_RECORD))
{
read_record(ssl);
}
return process_data(ssl, in_data, len);
}
@ -1375,56 +1381,44 @@ int process_data(SSL* ssl, uint8_t *in_data, int len)
return 0;
if (in_data)
{
uint16_t index = ssl->bm_index % 2048;
if(ssl->bm_read_index == 0)
{
int read_len = ssl->need_bytes - ssl->bm_index;
if(read_len > 4096-ssl->bm_index)
read_len = 4096-ssl->bm_index;
if(len < read_len)
read_len = len - (len % AES_BLOCKSIZE);
int read_len = len;
if(read_len > 2048-index)
read_len = 2048-index;
if(read_len > ssl->need_bytes)
read_len = ssl->need_bytes;
read_len -= read_len % AES_BLOCKSIZE;
if(read_len <= 0)
read_len = AES_BLOCKSIZE;
printf("read_len=%d\n", read_len);
int ret = basic_read2(ssl, ssl->bm_all_data + ssl->bm_index, read_len);
if(ssl->need_bytes < AES_BLOCKSIZE)
read_len = AES_BLOCKSIZE;
int ret = basic_read2(ssl, ssl->bm_all_data + index, read_len);
if(ret != read_len)
return 0;
ssl->bm_read_index = basic_decrypt(ssl, ssl->bm_all_data + ssl->bm_index, read_len);
ssl->bm_read_index = basic_decrypt(ssl, ssl->bm_all_data + index, read_len);
ssl->need_bytes -= ssl->bm_read_index;
if(ssl->need_bytes == 0)
{
ssl->bm_read_index = 0;
SET_SSL_FLAG(SSL_NEED_RECORD);
return ssl_read(ssl, in_data, len);
}
}
if(len > ssl->bm_read_index)
len = ssl->bm_read_index;
memcpy(in_data, ssl->bm_all_data+ssl->bm_index, len);
memcpy(in_data, ssl->bm_all_data+index, len);
ssl->bm_index += len;
ssl->bm_read_index -= len;
if(ssl->bm_index >= 4096)
if(ssl->need_bytes == 0)
SET_SSL_FLAG(SSL_NEED_RECORD);
if(ssl->bm_index >= 2048)
ssl->bm_index = 0;
return len;
/*
int read_len = ssl->need_bytes;
if(len < ssl->need_bytes)
read_len = len - (len % AES_BLOCKSIZE);
if(read_len <= 0)
return 0;
int ret = basic_read2(ssl, in_data, read_len);
if(ret != read_len)
return 0;
ssl->bm_index += ret;
if(ssl->bm_index >= ssl->need_bytes)
{
ssl->need_bytes = 0;
SET_SSL_FLAG(SSL_NEED_RECORD);
}
ret = basic_decrypt(ssl, in_data, read_len);
if(ret < 0)
return 0;
return ret;
*/
}
return 0;

2
libraries/net/https/axTLS/ssl/tls1.h
View File

@ -76,7 +76,7 @@ extern "C" {
#define IS_SET_SSL_FLAG(A) (ssl->flag & A)
#define MAX_KEY_BYTE_SIZE 512 /* for a 4096 bit key */
#define RT_MAX_PLAIN_LENGTH 4096//16384
#define RT_MAX_PLAIN_LENGTH 2048//16384
#define RT_EXTRA 512//1024
#define BM_RECORD_OFFSET 5
#define BM_ALL_DATA_SIZE (RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET)