From 40883e91a6881ef151ca5084394c17630711d775 Mon Sep 17 00:00:00 2001
From: irwir
Date: Sat, 21 Sep 2019 17:55:33 +0300
Subject: [PATCH 1/4] Resolve #2717 - remove erroneous sizeof (the operator was applied to constant integer number)
---
 library/ssl_tls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index a7facb81a..ae369b24c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7264,7 +7264,7 @@ static int ssl_remember_peer_crt_digest( mbedtls_ssl_context *ssl,
 if( ssl->session_negotiate->peer_cert_digest == NULL )
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
- sizeof( MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN ) ) );
+ MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN ) );
 mbedtls_ssl_send_alert_message( ssl,
 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
 MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
From 734f0cf65e630dce5180aa1f08c621f30a10f5c4 Mon Sep 17 00:00:00 2001
From: irwir
Date: Thu, 26 Sep 2019 21:03:24 +0300
Subject: [PATCH 2/4] Resolve #2800 - move declaration to avoid unused variable warning in case MBEDTLS_SSL_PROTO_DTLS was undefined
---
 library/ssl_tls.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ae369b24c..9577b3510 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -120,7 +120,6 @@ int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl,
 size_t buflen )
 {
 int ret = 0;
- mbedtls_record rec;
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "=> mbedtls_ssl_check_record" ) );
 MBEDTLS_SSL_DEBUG_BUF( 3, "record buffer", buf, buflen );
@@ -137,6 +136,8 @@ int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl,
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 else
 {
+ mbedtls_record rec;
+
 ret = ssl_parse_record_header( ssl, buf, buflen, &rec );
 if( ret != 0 )
 {
From 89af51ff39d1efb6c1ffd6ef323cbd254b4ada6e Mon Sep 17 00:00:00 2001
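Review bot: In the ssl_remember_peer_crt_digest hunk (PATCH 1/4), the `%d` conversion in "alloc(%d bytes) failed" is only well-defined if `MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN` expands to an `int`-typed expression, and its definition is not visible here. The removed `sizeof` passed a `size_t` through the same variadic debug call, which is the kind of format/argument mismatch this line should stay clear of if the macro's type ever changes. An explicit cast would pin it: `(int) MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN ) );`. The allocation the message reports on lies outside the hunk, so it is worth confirming that it requests this same constant.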
From: irwir
Date: Thu, 26 Sep 2019 21:04:56 +0300
Subject: [PATCH 3/4] Resolve #2801 - remove repetitive assignment to ssl->in_msg (the first value was never used)
---
 library/ssl_tls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 9577b3510..48c433e67 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6414,7 +6414,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 ssl->in_len = ssl->in_cid + rec.cid_len;
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- ssl->in_iv = ssl->in_msg = ssl->in_len + 2;
+ ssl->in_iv = ssl->in_len + 2;
 /* The record content type may change during decryption,
 * so re-read it. */
From 6c0da64094f5118db8e006301ca67bfde1c8f9fc Mon Sep 17 00:00:00 2001
From: irwir
Date: Thu, 26 Sep 2019 21:07:41 +0300
Subject: [PATCH 4/4] Shorter version of mbedtls_ssl_send_fatal_handshake_failure
---
 ChangeLog | 10 ++++++++++
 library/ssl_tls.c | 13 +++----------
 2 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 973f21300..0ba2adbee 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,15 @@
 mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 2.19.2 branch released xxxx-xx-xx
+
+Bugfix
+ * Fix an incorrect size in a debugging message. Reported and fix
+ submitted by irwir. Fixes #2717.
+ * Fix an unused variable warning when compiling without DTLS.
+ Reported and fix submitted by irwir. Fixes #2800.
+ * Remove a useless assignment. Reported and fix submitted by irwir.
+ Fixes #2801.
+
 = mbed TLS 2.19.1 branch released 2019-09-16
 Features
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 48c433e67..cf5b1cbf1 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
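Review bot: In the ssl_get_next_record hunk (PATCH 3/4), reducing the line to `ssl->in_iv = ssl->in_len + 2;` is only safe if nothing reads `ssl->in_msg` before its later assignment, which lies outside the hunk. Until then `in_msg` keeps the value it had before `in_len` was moved by `rec.cid_len`, so an early return or debug dump on that path would see a pointer that may no longer match the record layout. I would record the dependency next to the assignment, for example `/* ssl->in_msg is deliberately not set here; it is assigned later in this function. */`. The function's body starts and ends outside the hunk.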
@@ -6568,16 +6568,9 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
 int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl )
 {
- int ret;
-
- if( ( ret = mbedtls_ssl_send_alert_message( ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ) ) != 0 )
- {
- return( ret );
- }
-
- return( 0 );
+ return( mbedtls_ssl_send_alert_message( ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ) );
 }
 int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
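Review bot: mbedtls_ssl_send_fatal_handshake_failure has no comment at its definition, and after this simplification its whole contract is the return value of the wrapped call. A one-line header would make that explicit for callers, e.g. `/* Send a fatal handshake_failure alert; returns mbedtls_ssl_send_alert_message()'s result unchanged. */`. The declaration may already be documented in a header that is not part of this patch.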