mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-05 20:25:39 +00:00
Merge branch 'misc' into development
Fixes github #358, #362 and IOTSSL-536
This commit is contained in:
commit
fabce5e137
|
@ -2,6 +2,9 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
||||||
|
|
||||||
= mbed TLS 2.2.1 released 2015-12-xx
|
= mbed TLS 2.2.1 released 2015-12-xx
|
||||||
|
|
||||||
|
Bugfix
|
||||||
|
* Fix over-restricive length limit in GCM. Found by Andreas-N. #362
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* To avoid dropping an entire DTLS datagram if a single record in a datagram
|
* To avoid dropping an entire DTLS datagram if a single record in a datagram
|
||||||
is invalid, we now only drop the record and look at subsequent records (if
|
is invalid, we now only drop the record and look at subsequent records (if
|
||||||
|
|
|
@ -2168,7 +2168,8 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session
|
||||||
* \note If this function returns something other than 0 or
|
* \note If this function returns something other than 0 or
|
||||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
|
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
|
||||||
* becomes unusable, and you should either free it or call
|
* becomes unusable, and you should either free it or call
|
||||||
* \c mbedtls_ssl_session_reset() on it before re-using it.
|
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||||
|
* a new connection; the current connection must be closed.
|
||||||
*
|
*
|
||||||
* \note If DTLS is in use, then you may choose to handle
|
* \note If DTLS is in use, then you may choose to handle
|
||||||
* MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
|
* MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
|
||||||
|
@ -2184,6 +2185,12 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
|
||||||
* the following state after execution of this function.
|
* the following state after execution of this function.
|
||||||
* Do not call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.
|
* Do not call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.
|
||||||
*
|
*
|
||||||
|
* \note If this function returns something other than 0 or
|
||||||
|
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
|
||||||
|
* becomes unusable, and you should either free it or call
|
||||||
|
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||||
|
* a new connection; the current connection must be closed.
|
||||||
|
*
|
||||||
* \param ssl SSL context
|
* \param ssl SSL context
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or
|
* \return 0 if successful, or
|
||||||
|
@ -2202,6 +2209,12 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
|
||||||
* \param ssl SSL context
|
* \param ssl SSL context
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or any mbedtls_ssl_handshake() return value.
|
* \return 0 if successful, or any mbedtls_ssl_handshake() return value.
|
||||||
|
*
|
||||||
|
* \note If this function returns something other than 0 or
|
||||||
|
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
|
||||||
|
* becomes unusable, and you should either free it or call
|
||||||
|
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||||
|
* a new connection; the current connection must be closed.
|
||||||
*/
|
*/
|
||||||
int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
|
int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
|
||||||
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
||||||
|
@ -2219,6 +2232,13 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
|
||||||
* MBEDTLS_ERR_SSL_CLIENT_RECONNECT (see below), or
|
* MBEDTLS_ERR_SSL_CLIENT_RECONNECT (see below), or
|
||||||
* another negative error code.
|
* another negative error code.
|
||||||
*
|
*
|
||||||
|
* \note If this function returns something other than a positive
|
||||||
|
* value or MBEDTLS_ERR_SSL_WANT_READ/WRITE or
|
||||||
|
* MBEDTLS_ERR_SSL_CLIENT_RECONNECT, then the ssl context
|
||||||
|
* becomes unusable, and you should either free it or call
|
||||||
|
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||||
|
* a new connection; the current connection must be closed.
|
||||||
|
*
|
||||||
* \note When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
|
* \note When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
|
||||||
* (which can only happen server-side), it means that a client
|
* (which can only happen server-side), it means that a client
|
||||||
* is initiating a new connection using the same source port.
|
* is initiating a new connection using the same source port.
|
||||||
|
@ -2252,6 +2272,12 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
||||||
* or MBEDTLS_ERR_SSL_WANT_WRITE of MBEDTLS_ERR_SSL_WANT_READ,
|
* or MBEDTLS_ERR_SSL_WANT_WRITE of MBEDTLS_ERR_SSL_WANT_READ,
|
||||||
* or another negative error code.
|
* or another negative error code.
|
||||||
*
|
*
|
||||||
|
* \note If this function returns something other than a positive
|
||||||
|
* value or MBEDTLS_ERR_SSL_WANT_READ/WRITE, the ssl context
|
||||||
|
* becomes unusable, and you should either free it or call
|
||||||
|
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||||
|
* a new connection; the current connection must be closed.
|
||||||
|
*
|
||||||
* \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ,
|
* \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ,
|
||||||
* it must be called later with the *same* arguments,
|
* it must be called later with the *same* arguments,
|
||||||
* until it returns a positive value.
|
* until it returns a positive value.
|
||||||
|
@ -2275,6 +2301,12 @@ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_
|
||||||
* \param message The alert message (SSL_ALERT_MSG_*)
|
* \param message The alert message (SSL_ALERT_MSG_*)
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or a specific SSL error code.
|
* \return 0 if successful, or a specific SSL error code.
|
||||||
|
*
|
||||||
|
* \note If this function returns something other than 0 or
|
||||||
|
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
|
||||||
|
* becomes unusable, and you should either free it or call
|
||||||
|
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||||
|
* a new connection; the current connection must be closed.
|
||||||
*/
|
*/
|
||||||
int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
|
int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
|
||||||
unsigned char level,
|
unsigned char level,
|
||||||
|
@ -2283,6 +2315,14 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
|
||||||
* \brief Notify the peer that the connection is being closed
|
* \brief Notify the peer that the connection is being closed
|
||||||
*
|
*
|
||||||
* \param ssl SSL context
|
* \param ssl SSL context
|
||||||
|
*
|
||||||
|
* \return 0 if successful, or a specific SSL error code.
|
||||||
|
*
|
||||||
|
* \note If this function returns something other than 0 or
|
||||||
|
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
|
||||||
|
* becomes unusable, and you should either free it or call
|
||||||
|
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||||
|
* a new connection; the current connection must be closed.
|
||||||
*/
|
*/
|
||||||
int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );
|
int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );
|
||||||
|
|
||||||
|
|
|
@ -362,7 +362,7 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
|
||||||
/* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes
|
/* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes
|
||||||
* Also check for possible overflow */
|
* Also check for possible overflow */
|
||||||
if( ctx->len + length < ctx->len ||
|
if( ctx->len + length < ctx->len ||
|
||||||
(uint64_t) ctx->len + length > 0x03FFFFE0ull )
|
(uint64_t) ctx->len + length > 0xFFFFFFFE0ull )
|
||||||
{
|
{
|
||||||
return( MBEDTLS_ERR_GCM_BAD_INPUT );
|
return( MBEDTLS_ERR_GCM_BAD_INPUT );
|
||||||
}
|
}
|
||||||
|
|
|
@ -2584,7 +2584,9 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
dn_size = crt->subject_raw.len;
|
dn_size = crt->subject_raw.len;
|
||||||
|
|
||||||
if( end < p || (size_t)( end - p ) < 2 + dn_size )
|
if( end < p ||
|
||||||
|
(size_t)( end - p ) < dn_size ||
|
||||||
|
(size_t)( end - p ) < 2 + dn_size )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) );
|
||||||
break;
|
break;
|
||||||
|
|
Loading…
Reference in a new issue