Merge remote-tracking branch 'public/pr/1768' into mbedtls-2.7
commit
035d824ad5
|
@ -7,6 +7,8 @@ Bugfix
|
||||||
Contributed by fbrosson in #1533.
|
Contributed by fbrosson in #1533.
|
||||||
* Fix a memory leak in mbedtls_x509_csr_parse(), found by catenacyber,
|
* Fix a memory leak in mbedtls_x509_csr_parse(), found by catenacyber,
|
||||||
Philippe Antoine.
|
Philippe Antoine.
|
||||||
|
* Clarify documentation for mbedtls_ssl_write() to include 0 as a valid
|
||||||
|
return value. Found by @davidwu2000. #839
|
||||||
|
|
||||||
= mbed TLS 2.7.4 branch released 2018-06-18
|
= mbed TLS 2.7.4 branch released 2018-06-18
|
||||||
|
|
||||||
|
|
|
@ -2504,17 +2504,19 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
||||||
* or MBEDTLS_ERR_SSL_WANT_WRITE or MBEDTLS_ERR_SSL_WANT_READ,
|
* or MBEDTLS_ERR_SSL_WANT_WRITE or MBEDTLS_ERR_SSL_WANT_READ,
|
||||||
* or another negative error code.
|
* or another negative error code.
|
||||||
*
|
*
|
||||||
* \note If this function returns something other than a positive
|
* \note If this function returns something other than 0, a positive
|
||||||
* value or MBEDTLS_ERR_SSL_WANT_READ/WRITE, the ssl context
|
* value or MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop
|
||||||
* becomes unusable, and you should either free it or call
|
* using the SSL context for reading or writing, and either
|
||||||
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
* free it or call \c mbedtls_ssl_session_reset() on it before
|
||||||
* a new connection; the current connection must be closed.
|
* re-using it for a new connection; the current connection
|
||||||
|
* must be closed.
|
||||||
*
|
*
|
||||||
* \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ,
|
* \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ,
|
||||||
* it must be called later with the *same* arguments,
|
* it must be called later with the *same* arguments,
|
||||||
* until it returns a positive value. When the function returns
|
* until it returns a value greater that or equal to 0. When
|
||||||
* MBEDTLS_ERR_SSL_WANT_WRITE there may be some partial
|
* the function returns MBEDTLS_ERR_SSL_WANT_WRITE there may be
|
||||||
* data in the output buffer, however this is not yet sent.
|
* some partial data in the output buffer, however this is not
|
||||||
|
* yet sent.
|
||||||
*
|
*
|
||||||
* \note If the requested length is greater than the maximum
|
* \note If the requested length is greater than the maximum
|
||||||
* fragment length (either the built-in limit or the one set
|
* fragment length (either the built-in limit or the one set
|
||||||
|
@ -2523,6 +2525,9 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
||||||
* - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
|
* - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
|
||||||
* \c mbedtls_ssl_get_max_frag_len() may be used to query the
|
* \c mbedtls_ssl_get_max_frag_len() may be used to query the
|
||||||
* active maximum fragment length.
|
* active maximum fragment length.
|
||||||
|
*
|
||||||
|
* \note Attempting to write 0 bytes will result in an empty TLS
|
||||||
|
* application record being sent.
|
||||||
*/
|
*/
|
||||||
int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
|
int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
|
||||||
|
|
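Review bot: The rewritten retry note contains a typo, "a value greater that or equal to 0", which should read `until it returns a value greater than or equal to 0`. The new zero-length note would also help callers more if it stated the return value in that case, for example `application record being sent, and 0 is returned on success.`, since the ChangeLog entry describes this change as documenting 0 as a valid return value. The comment block starts above the visible hunks, so the \return text itself cannot be checked from here.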
||||||
|
|
|
@ -7137,8 +7137,16 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Send application data to be encrypted by the SSL layer,
|
* Send application data to be encrypted by the SSL layer, taking care of max
|
||||||
* taking care of max fragment length and buffer size
|
* fragment length and buffer size.
|
||||||
|
*
|
||||||
|
* According to RFC 5246 Section 6.2.1:
|
||||||
|
*
|
||||||
|
* Zero-length fragments of Application data MAY be sent as they are
|
||||||
|
* potentially useful as a traffic analysis countermeasure.
|
||||||
|
*
|
||||||
|
* Therefore, it is possible that the input message length is 0 and the
|
||||||
|
* corresponding return code is 0 on success.
|
||||||
*/
|
*/
|
||||||
static int ssl_write_real( mbedtls_ssl_context *ssl,
|
static int ssl_write_real( mbedtls_ssl_context *ssl,
|
||||||
const unsigned char *buf, size_t len )
|
const unsigned char *buf, size_t len )
|
||||||
|
@ -7166,6 +7174,12 @@ static int ssl_write_real( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
if( ssl->out_left != 0 )
|
if( ssl->out_left != 0 )
|
||||||
{
|
{
|
||||||
|
/*
|
||||||
|
* The user has previously tried to send the data and
|
||||||
|
* MBEDTLS_ERR_SSL_WANT_WRITE or the message was only partially
|
||||||
|
* written. In this case, we expect the high-level write function
|
||||||
|
* (e.g. mbedtls_ssl_write()) to be called with the same parameters
|
||||||
|
*/
|
||||||
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret );
|
||||||
|
@ -7174,6 +7188,11 @@ static int ssl_write_real( mbedtls_ssl_context *ssl,
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
/*
|
||||||
|
* The user is trying to send a message the first time, so we need to
|
||||||
|
* copy the data into the internal buffers and setup the data structure
|
||||||
|
* to keep track of partial writes
|
||||||
|
*/
|
||||||
ssl->out_msglen = len;
|
ssl->out_msglen = len;
|
||||||
ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA;
|
ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA;
|
||||||
memcpy( ssl->out_msg, buf, len );
|
memcpy( ssl->out_msg, buf, len );
|
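Review bot: On the first-send path the context line `memcpy( ssl->out_msg, buf, len );` still runs when `len` is 0, and the new comment above ssl_write_real() now documents zero-length input as supported. If a caller passes a null `buf` together with `len == 0`, which the visible documentation does not forbid, that call is undefined behaviour in C even though no bytes are copied. Guarding it with `if( len > 0 ) memcpy( ssl->out_msg, buf, len );`, or stating in the header that `buf` must be a valid pointer for zero-length writes, would close the gap. Separately, the new comment in the `out_left != 0` branch is missing a verb ("tried to send the data and MBEDTLS_ERR_SSL_WANT_WRITE") and a closing period. The function body starts and ends outside these hunks, so any earlier validation of `buf` is not visible here.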
||||||
|
|