* Put back TLS 1.0.

cameronrich · ikeyasu · commit 29b478f3cffd · 2016-08-19T07:42:10.000+09:00
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@268 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
diff --git a/ssl/tls1.c b/ssl/tls1.c
@@ -1145,6 +1145,7 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
         increment_write_sequence(ssl);
 
         /* add the explicit IV for TLS1.1 */
+        if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_1)
         {
             uint8_t iv_size = ssl->cipher_info->iv_size;
             uint8_t *t_buf = malloc(msg_length + iv_size);
@@ -1358,8 +1359,12 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     if (IS_SET_SSL_FLAG(SSL_RX_ENCRYPTED))
     {
         ssl->cipher_info->decrypt(ssl->decrypt_ctx, buf, buf, read_len);
-        buf += ssl->cipher_info->iv_size;
-        read_len -= ssl->cipher_info->iv_size;
+
+        if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_1)
+        {
+            buf += ssl->cipher_info->iv_size;
+            read_len -= ssl->cipher_info->iv_size;
+        }
 
         read_len = verify_digest(ssl, 
                 is_client ? SSL_CLIENT_READ : SSL_SERVER_READ, buf, read_len);
diff --git a/ssl/tls1.h b/ssl/tls1.h
@@ -47,8 +47,9 @@ extern "C" {
 #include "crypto.h"
 #include "crypto_misc.h"
 
-#define SSL_PROTOCOL_MIN_VERSION    0x32   /* TLS v1.1 */
-#define SSL_PROTOCOL_VERSION_MAX    0x33   /* TLS v1.2 */
+#define SSL_PROTOCOL_MIN_VERSION    0x31   /* TLS v1.0 */
+#define SSL_PROTOCOL_VERSION_MAX    0x33   /* TLS v1.3 */
+#define SSL_PROTOCOL_VERSION_TLS1_1 0x32   /* TLS v1.1 */
 #define SSL_PROTOCOL_VERSION_TLS1_2 0x33   /* TLS v1.2 */
 #define SSL_RANDOM_SIZE             32
 #define SSL_SECRET_SIZE             48
diff --git a/ssl/x509.c b/ssl/x509.c
@@ -74,7 +74,9 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
     int begin_tbs, end_tbs;
     int ret = X509_NOT_OK, offset = 0, cert_size = 0;
     X509_CTX *x509_ctx;
+#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
     BI_CTX *bi_ctx;
+#endif
 
     *ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX));
     x509_ctx = *ctx;
@@ -117,7 +119,6 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
         goto end_cert;
     }
 
-    bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
 
     x509_ctx->fingerprint = malloc(SHA1_SIZE);
     SHA1_CTX sha_fp_ctx;
@@ -126,6 +127,8 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
     SHA1_Final(x509_ctx->fingerprint, &sha_fp_ctx);
 
 #ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
+    bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
+
     /* use the appropriate signature algorithm */
     switch (x509_ctx->sig_type)
     {
