mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-11 16:05:37 +00:00
Document precoditions on some HS parsing/writing functions
Eventually, all HS parsing/writing functions should take an arbitrary buffer + length pair as their argument, and return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if the provided buffer is too short. So far, we've only made a first step by allowing to pass an arbitrary buffer, but don't yet add bounds checks throughout. While deliberate for now, this must be clearly documented.
This commit is contained in:
parent
7d552fad65
commit
4e46709800
|
@ -3460,6 +3460,11 @@ static int ssl_out_client_key_exchange_prepare( mbedtls_ssl_context *ssl )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
/* Warning: Despite accepting a length argument, this function is currently
|
||||
* still lacking some bounds checks and assumes that `buf` has length
|
||||
* `MBEDTLS_SSL_OUT_CONTENT_LEN`. Eventually, it should be rewritten to work
|
||||
* with any buffer + length pair, returning MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL
|
||||
* on insufficient writing space. */
|
||||
static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
size_t buflen,
|
||||
|
|
|
@ -4105,6 +4105,11 @@ cleanup:
|
|||
return( ret );
|
||||
}
|
||||
|
||||
/* Warning: Despite accepting a length argument, this function is currently
|
||||
* still lacking some bounds checks and assumes that `buf` has length
|
||||
* `MBEDTLS_SSL_IN_CONTENT_LEN`. Eventually, it should be rewritten to work
|
||||
* with any buffer + length pair, returning MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL
|
||||
* on insufficient parsing space. */
|
||||
static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
size_t buflen )
|
||||
|
|
Loading…
Reference in a new issue