mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-24 12:55:41 +00:00
Merge remote-tracking branch 'upstream-public/pr/1944' into mbedtls-2.7
This commit is contained in:
commit
ab397dd47c
|
@ -10,6 +10,8 @@ Bugfix
|
|||
* Add ecc extensions only if an ecc based ciphersuite is used.
|
||||
This improves compliance to RFC 4492, and as a result, solves
|
||||
interoperability issues with BouncyCastle. Raised by milenamil in #1157.
|
||||
* Fix potential use-after-free in mbedtls_ssl_get_max_frag_len()
|
||||
and mbedtls_ssl_get_record_expansion() after a session reset. Fixes #1941.
|
||||
|
||||
Changes
|
||||
* Improve compatibility with some alternative CCM implementations by using
|
||||
|
|
|
@ -5911,7 +5911,11 @@ static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
|
|||
ssl->transform_in = NULL;
|
||||
ssl->transform_out = NULL;
|
||||
|
||||
ssl->session_in = NULL;
|
||||
ssl->session_out = NULL;
|
||||
|
||||
memset( ssl->out_buf, 0, MBEDTLS_SSL_BUFFER_LEN );
|
||||
|
||||
if( partial == 0 )
|
||||
memset( ssl->in_buf, 0, MBEDTLS_SSL_BUFFER_LEN );
|
||||
|
||||
|
@ -6687,14 +6691,14 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
|
|||
size_t transform_expansion;
|
||||
const mbedtls_ssl_transform *transform = ssl->transform_out;
|
||||
|
||||
if( transform == NULL )
|
||||
return( (int) mbedtls_ssl_hdr_len( ssl ) );
|
||||
|
||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||
if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL )
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
#endif
|
||||
|
||||
if( transform == NULL )
|
||||
return( (int) mbedtls_ssl_hdr_len( ssl ) );
|
||||
|
||||
switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) )
|
||||
{
|
||||
case MBEDTLS_MODE_GCM:
|
||||
|
|
Loading…
Reference in a new issue