diff --git a/source/Security/protocols/sec_prot_lib.c b/source/Security/protocols/sec_prot_lib.c
index 14e31a4447f..ff7d126a253 100644
--- a/source/Security/protocols/sec_prot_lib.c
+++ b/source/Security/protocols/sec_prot_lib.c
@@ -511,7 +511,7 @@ int8_t sec_prot_lib_gtkhash_generate(uint8_t *gtk, uint8_t *gtk_hash)
 uint8_t *sec_prot_remote_eui_64_addr_get(sec_prot_t *prot)
 {
- if (prot->sec_keys->ptk_eui_64_set) {
+ if (prot->sec_keys && prot->sec_keys->ptk_eui_64_set) {
 return prot->sec_keys->ptk_eui_64;
 } else {
 return NULL;
diff --git a/source/Security/protocols/tls_sec_prot/tls_sec_prot.c b/source/Security/protocols/tls_sec_prot/tls_sec_prot.c
index 8a86d2b1230..ce4ed39ca65 100644
--- a/source/Security/protocols/tls_sec_prot/tls_sec_prot.c
+++ b/source/Security/protocols/tls_sec_prot/tls_sec_prot.c
@@ -472,8 +472,9 @@ static void server_tls_sec_prot_state_machine(sec_prot_t *prot)
 data->library_init = false;
 break;
- case TLS_STATE_FINISHED:
- tr_debug("TLS: finished, eui-64: %s free %s", trace_array(sec_prot_remote_eui_64_addr_get(prot), 8), data->library_init ? "T" : "F");
+ case TLS_STATE_FINISHED: {
+ uint8_t *remote_eui_64 = sec_prot_remote_eui_64_addr_get(prot);
+ tr_debug("TLS: finished, eui-64: %s free %s", remote_eui_64 ? trace_array(sec_prot_remote_eui_64_addr_get(prot), 8) : "not set", data->library_init ? "T" : "F");
 if (data->library_init) {
 tls_sec_prot_lib_free((tls_security_t *) &data->tls_sec_inst);
 data->library_init = false;
@@ -481,7 +482,7 @@ static void server_tls_sec_prot_state_machine(sec_prot_t *prot)
 prot->timer_stop(prot);
 prot->finished(prot);
 break;
-
+ }
 default:
 break;
 }
@@ -597,6 +598,7 @@ static int8_t tls_sec_prot_tls_configure_and_connect(sec_prot_t *prot, bool is_s
 // Must be free if library initialize is done
 data->library_init = true;
 if (tls_sec_prot_lib_init((tls_security_t *)&data->tls_sec_inst) < 0) {
+ tr_error("TLS: library init fail");
 return -1;
 }
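Review bot: In the TLS_STATE_FINISHED case of server_tls_sec_prot_state_machine the new local `remote_eui_64` is used only for the NULL test; the ternary then calls `sec_prot_remote_eui_64_addr_get(prot)` a second time inside trace_array. Pass the pointer that was checked, `remote_eui_64 ? trace_array(remote_eui_64, 8) : "not set"`, so the value tested is the value traced. The tr_debug in tls_sec_prot_queue_check (hunk at -615) still hands the unguarded return value to trace_array; whether trace_array accepts NULL is not visible on this page. The state machine function starts and ends outside this hunk.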
@@ -605,6 +607,7 @@ static int8_t tls_sec_prot_tls_configure_and_connect(sec_prot_t *prot, bool is_s
 tls_sec_prot_tls_set_timer, tls_sec_prot_tls_get_timer);
 if (tls_sec_prot_lib_connect((tls_security_t *)&data->tls_sec_inst, is_server, prot->sec_keys->certs) < 0) {
+ tr_error("TLS: library connect fail");
 return -1;
 }
@@ -615,30 +618,29 @@ static bool tls_sec_prot_queue_check(sec_prot_t *prot)
 {
 bool queue_add = true;
 bool queue_continue = false;
- bool first_entry = true;
+ uint8_t entry_index = 0;
 // Checks if TLS queue is empty or this instance is the first entry
 if (ns_list_is_empty(&tls_sec_prot_queue)) {
 queue_continue = true;
 } else {
-
 ns_list_foreach(tls_sec_prot_queue_t, entry, &tls_sec_prot_queue) {
 if (entry->prot == prot) {
 queue_add = false;
- if (first_entry) {
+ if (entry_index < 3) {
 queue_continue = true;
 break;
 } else {
 queue_continue = false;
 }
 }
- first_entry = false;
+ entry_index++;
 }
 }
 // Adds entry to queue if not there already
 if (queue_add) {
- tr_debug("TLS QUEUE add%s, eui-64: %s", first_entry ? " first" : "", trace_array(sec_prot_remote_eui_64_addr_get(prot), 8));
+ tr_debug("TLS QUEUE add index: %i, eui-64: %s", entry_index, trace_array(sec_prot_remote_eui_64_addr_get(prot), 8));
 tls_sec_prot_queue_t *entry = ns_dyn_mem_temporary_alloc(sizeof(tls_sec_prot_queue_t));
 if (entry) {
 entry->prot = prot;
@@ -655,11 +657,15 @@ static bool tls_sec_prot_queue_process(sec_prot_t *prot)
 return true;
 }
+ uint8_t entry_index = 0;
 ns_list_foreach(tls_sec_prot_queue_t, entry, &tls_sec_prot_queue) {
 if (entry->prot == prot) {
 return true;
 }
- return false;
+ if (entry_index > 2) {
+ return false;
+ }
+ entry_index++;
 }
 return false;
diff --git a/source/Security/protocols/tls_sec_prot/tls_sec_prot_lib.c b/source/Security/protocols/tls_sec_prot/tls_sec_prot_lib.c
index b3907ec281d..afd686c8fec 100644
--- a/source/Security/protocols/tls_sec_prot/tls_sec_prot_lib.c
+++ b/source/Security/protocols/tls_sec_prot/tls_sec_prot_lib.c
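Review bot: The connect call in tls_sec_prot_tls_configure_and_connect still dereferences `prot->sec_keys->certs` with no NULL check, although this same commit makes sec_prot_remote_eui_64_addr_get tolerate a NULL `prot->sec_keys`. If sec_keys can be unset when this function runs (not visible here), reject it before the call, for example `if (!prot->sec_keys) { tr_error("TLS: no sec keys"); return -1; }`. The same applies to `certs` in tls_sec_prot_lib_configure_certificates, which reads `certs->own_cert_chain.cert[0]` directly. The function starts and ends outside this hunk.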
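Review bot: The number of entries allowed to proceed is written as the literal `3` in tls_sec_prot_queue_check (`entry_index < 3`) and as `2` in tls_sec_prot_queue_process (`entry_index > 2`), and the comment above the check still reads "this instance is the first entry". One named constant used by both functions, plus an updated comment, would keep the two from drifting apart. `entry_index` is a `uint8_t` incremented once per queued entry, so if the queue can ever hold more than 255 entries (not visible here) it wraps and a late entry passes the `< 3` test; a wider type or a saturating increment avoids that. The function body continues past the hunk.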
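Review bot: tls_sec_prot_queue_process lets one more entry through than tls_sec_prot_queue_check: the `entry->prot == prot` match is tested before the `entry_index > 2` bound, so the entry at index 3 (the fourth) still returns true, while queue_check only continues for indexes 0 to 2. Writing the bound as `if (entry_index >= 2) { return false; }` after the match test, or moving the bound test ahead of the match, makes both functions agree on three entries. The function starts outside the hunk.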
@@ -126,11 +126,13 @@ int8_t tls_sec_prot_lib_init(tls_security_t *sec)
 if (mbedtls_entropy_add_source(&sec->entropy, tls_sec_lib_entropy_poll, NULL, 128, MBEDTLS_ENTROPY_SOURCE_WEAK) < 0) {
+ tr_error("Entropy add fail");
 return -1;
 }
 if ((mbedtls_ctr_drbg_seed(&sec->ctr_drbg, mbedtls_entropy_func, &sec->entropy, (const unsigned char *) pers, strlen(pers))) != 0) {
+ tr_error("drbg seed fail");
 return -1;
 }
@@ -177,6 +179,7 @@ void tls_sec_prot_lib_free(tls_security_t *sec)
 static int tls_sec_prot_lib_configure_certificates(tls_security_t *sec, const sec_prot_certs_t *certs)
 {
 if (!certs->own_cert_chain.cert[0]) {
+ tr_error("no own cert");
 return -1;
 }
@@ -282,6 +285,7 @@ int8_t tls_sec_prot_lib_connect(tls_security_t *sec, bool is_server, const sec_p
 }
 if ((mbedtls_ssl_config_defaults(&sec->conf, endpoint, MBEDTLS_SSL_TRANSPORT_STREAM, 0)) != 0) {
+ tr_error("config defaults fail");
 return -1;
 }
@@ -294,6 +298,7 @@ int8_t tls_sec_prot_lib_connect(tls_security_t *sec, bool is_server, const sec_p
 #endif
 if ((mbedtls_ssl_setup(&sec->ssl, &sec->conf)) != 0) {
+ tr_error("ssl setup fail");
 return -1;
 }
@@ -303,10 +308,10 @@ int8_t tls_sec_prot_lib_connect(tls_security_t *sec, bool is_server, const sec_p
 // Configure certificates, keys and certificate revocation list
 if (tls_sec_prot_lib_configure_certificates(sec, certs) != 0) {
+ tr_error("cert conf fail");
 return -1;
 }
-
 // Configure ciphersuites
 static const int sec_suites[] = {
 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
@@ -471,6 +476,7 @@ static int tls_sec_lib_entropy_poll(void *ctx, unsigned char *output, size_t len
 char *c = (char *)ns_dyn_mem_temporary_alloc(len);
 if (!c) {
+ tr_error("entropy alloca fail");
 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
 }
 memset(c, 0, len);
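Review bot: The new traces in tls_sec_prot_lib_init discard the mbedtls return value, so a log reading "drbg seed fail" cannot tell an entropy failure from a bad argument. Capture the result and print it, for example `int ret = mbedtls_ctr_drbg_seed(...); if (ret != 0) { tr_error("drbg seed fail: %d", ret); return -1; }`. The same applies to the traces added for mbedtls_entropy_add_source, mbedtls_ssl_config_defaults and mbedtls_ssl_setup in the hunks at -282 and -294. These messages also lack the "TLS:" prefix that the traces added in tls_sec_prot.c carry.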
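Review bot: The message added in tls_sec_lib_entropy_poll says "alloca", but the failing call is `ns_dyn_mem_temporary_alloc`, a heap allocation, so the trace points a reader at the wrong mechanism. `tr_error("entropy alloc fail");` matches the code. The function starts and ends outside this hunk.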