Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-05-22 18:45:00 +00:00
Code Issues Projects Releases Packages Wiki Activity

[MBEDTLS] Update to v2.1.2. By Ismael Ferreras Morezuelas. CORE-10318

Browse source 
svn path=/trunk/; revision=69512
This commit is contained in:
Amine Khaldi 2015-10-12 12:47:42 +00:00
parent b792e060da
commit 9959dee59b
12 changed files with 176 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
reactos/dll/3rdparty/mbedtls/base64.c vendored
View file

@ -69,6 +69,8 @@ static const unsigned char base64_dec_map[128] =
49, 50, 51, 127, 127, 127, 127, 127 49, 50, 51, 127, 127, 127, 127, 127
}; };
#define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
/* /*
* Encode a buffer into base64 format * Encode a buffer into base64 format
*/ */
@ -85,15 +87,16 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
return( 0 ); return( 0 );
} }
n = ( slen << 3 ) / 6; n = slen / 3 + ( slen % 3 != 0 );
switch( ( slen << 3 ) - ( n * 6 ) ) if( n > ( BASE64_SIZE_T_MAX - 1 ) / 4 )
{ {
case 2: n += 3; break; *olen = BASE64_SIZE_T_MAX;
case 4: n += 2; break; return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
default: break;
} }
n *= 4;
if( dlen < n + 1 ) if( dlen < n + 1 )
{ {
*olen = n + 1; *olen = n + 1;
@ -184,7 +187,10 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
} }
if( n == 0 ) if( n == 0 )
{
*olen = 0;
return( 0 ); return( 0 );
}
n = ( ( n * 6 ) + 7 ) >> 3; n = ( ( n * 6 ) + 7 ) >> 3;
n -= j; n -= j;

10
reactos/dll/3rdparty/mbedtls/bignum.c vendored
View file

@ -58,11 +58,14 @@ static void mbedtls_zeroize( void *v, size_t n ) {
#define biL (ciL << 3) /* bits in limb */ #define biL (ciL << 3) /* bits in limb */
#define biH (ciL << 2) /* half limb size */ #define biH (ciL << 2) /* half limb size */
#define MPI_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
/* /*
* Convert between bits/chars and number of limbs * Convert between bits/chars and number of limbs
* Divide first in order to avoid potential overflows
*/ */
#define BITS_TO_LIMBS(i) (((i) + biL - 1) / biL) #define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) )
#define CHARS_TO_LIMBS(i) (((i) + ciL - 1) / ciL) #define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) )
/* /*
* Initialize one MPI * Initialize one MPI
@ -409,6 +412,9 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
if( radix == 16 ) if( radix == 16 )
{ {
if( slen > MPI_SIZE_T_MAX >> 2 )
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
n = BITS_TO_LIMBS( slen << 2 ); n = BITS_TO_LIMBS( slen << 2 );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n ) );

3
reactos/dll/3rdparty/mbedtls/debug.c vendored
View file

@ -42,7 +42,8 @@
#define mbedtls_snprintf snprintf #define mbedtls_snprintf snprintf
#endif #endif
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline) #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline #define inline __inline
#endif #endif

3
reactos/dll/3rdparty/mbedtls/ecp.c vendored
View file

@ -62,7 +62,8 @@
#define mbedtls_free free #define mbedtls_free free
#endif #endif
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline) #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline #define inline __inline
#endif #endif

3
reactos/dll/3rdparty/mbedtls/ecp_curves.c vendored
View file

@ -31,7 +31,8 @@
#include <string.h> #include <string.h>
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline) #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline #define inline __inline
#endif #endif

2
reactos/dll/3rdparty/mbedtls/net.c vendored
View file

@ -292,7 +292,7 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
struct sockaddr_storage client_addr; struct sockaddr_storage client_addr;
#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \ #if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \
defined(_SOCKLEN_T_DECLARED) defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t)
socklen_t n = (socklen_t) sizeof( client_addr ); socklen_t n = (socklen_t) sizeof( client_addr );
socklen_t type_len = (socklen_t) sizeof( type ); socklen_t type_len = (socklen_t) sizeof( type );
#else #else

3
reactos/dll/3rdparty/mbedtls/pem.c vendored
View file

@ -316,6 +316,9 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
} }
if( s1 == s2 )
return( MBEDTLS_ERR_PEM_INVALID_DATA );
ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 ); ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 );
if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER ) if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER )

9
reactos/dll/3rdparty/mbedtls/pkcs12.c vendored
View file

@ -86,6 +86,8 @@ static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
return( 0 ); return( 0 );
} }
#define PKCS12_MAX_PWDLEN 128
static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_type_t md_type, static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_type_t md_type,
const unsigned char *pwd, size_t pwdlen, const unsigned char *pwd, size_t pwdlen,
unsigned char *key, size_t keylen, unsigned char *key, size_t keylen,
@ -94,7 +96,10 @@ static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_ty
int ret, iterations; int ret, iterations;
mbedtls_asn1_buf salt; mbedtls_asn1_buf salt;
size_t i; size_t i;
unsigned char unipwd[258]; unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2];
if( pwdlen > PKCS12_MAX_PWDLEN )
return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
memset( &salt, 0, sizeof(mbedtls_asn1_buf) ); memset( &salt, 0, sizeof(mbedtls_asn1_buf) );
memset( &unipwd, 0, sizeof(unipwd) ); memset( &unipwd, 0, sizeof(unipwd) );
@ -125,6 +130,8 @@ static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_ty
return( 0 ); return( 0 );
} }
#undef PKCS12_MAX_PWDLEN
int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode, int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
const unsigned char *pwd, size_t pwdlen, const unsigned char *pwd, size_t pwdlen,
const unsigned char *data, size_t len, const unsigned char *data, size_t len,

136
reactos/dll/3rdparty/mbedtls/ssl_cli.c vendored
View file

@ -60,6 +60,7 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
size_t *olen ) size_t *olen )
{ {
unsigned char *p = buf; unsigned char *p = buf;
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
size_t hostname_len; size_t hostname_len;
*olen = 0; *olen = 0;
@ -72,6 +73,12 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
hostname_len = strlen( ssl->hostname ); hostname_len = strlen( ssl->hostname );
if( end < p || (size_t)( end - p ) < hostname_len + 9 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
return;
}
/* /*
* struct { * struct {
* NameType name_type; * NameType name_type;
@ -115,6 +122,7 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
size_t *olen ) size_t *olen )
{ {
unsigned char *p = buf; unsigned char *p = buf;
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
*olen = 0; *olen = 0;
@ -123,6 +131,12 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) );
if( end < p || (size_t)( end - p ) < 5 + ssl->verify_data_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
return;
}
/* /*
* Secure renegotiation * Secure renegotiation
*/ */
@ -149,6 +163,7 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
size_t *olen ) size_t *olen )
{ {
unsigned char *p = buf; unsigned char *p = buf;
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
size_t sig_alg_len = 0; size_t sig_alg_len = 0;
const int *md; const int *md;
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C)
@ -162,9 +177,27 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) );
for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
{
#if defined(MBEDTLS_ECDSA_C)
sig_alg_len += 2;
#endif
#if defined(MBEDTLS_RSA_C)
sig_alg_len += 2;
#endif
}
if( end < p || (size_t)( end - p ) < sig_alg_len + 6 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
return;
}
/* /*
* Prepare signature_algorithms extension (TLS 1.2) * Prepare signature_algorithms extension (TLS 1.2)
*/ */
sig_alg_len = 0;
for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
{ {
#if defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_ECDSA_C)
@ -214,6 +247,7 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
size_t *olen ) size_t *olen )
{ {
unsigned char *p = buf; unsigned char *p = buf;
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
unsigned char *elliptic_curve_list = p + 6; unsigned char *elliptic_curve_list = p + 6;
size_t elliptic_curve_len = 0; size_t elliptic_curve_len = 0;
const mbedtls_ecp_curve_info *info; const mbedtls_ecp_curve_info *info;
@ -227,6 +261,25 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
#if defined(MBEDTLS_ECP_C)
for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
{
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
#else
for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ )
{
#endif
elliptic_curve_len += 2;
}
if( end < p || (size_t)( end - p ) < 6 + elliptic_curve_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
return;
}
elliptic_curve_len = 0;
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)
for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
{ {
@ -260,12 +313,18 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
size_t *olen ) size_t *olen )
{ {
unsigned char *p = buf; unsigned char *p = buf;
((void) ssl); const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
*olen = 0; *olen = 0;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_point_formats extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_point_formats extension" ) );
if( end < p || (size_t)( end - p ) < 6 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
return;
}
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF );
@ -285,14 +344,22 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
size_t *olen ) size_t *olen )
{ {
unsigned char *p = buf; unsigned char *p = buf;
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
*olen = 0;
if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) { if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) {
*olen = 0;
return; return;
} }
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding max_fragment_length extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding max_fragment_length extension" ) );
if( end < p || (size_t)( end - p ) < 5 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
return;
}
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF );
@ -310,15 +377,23 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, size_t *olen ) unsigned char *buf, size_t *olen )
{ {
unsigned char *p = buf; unsigned char *p = buf;
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
*olen = 0;
if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ) if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
{ {
*olen = 0;
return; return;
} }
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding truncated_hmac extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding truncated_hmac extension" ) );
if( end < p || (size_t)( end - p ) < 4 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
return;
}
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF );
@ -334,17 +409,25 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, size_t *olen ) unsigned char *buf, size_t *olen )
{ {
unsigned char *p = buf; unsigned char *p = buf;
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
*olen = 0;
if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{ {
*olen = 0;
return; return;
} }
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding encrypt_then_mac " MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding encrypt_then_mac "
"extension" ) ); "extension" ) );
if( end < p || (size_t)( end - p ) < 4 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
return;
}
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF );
@ -360,17 +443,25 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, size_t *olen ) unsigned char *buf, size_t *olen )
{ {
unsigned char *p = buf; unsigned char *p = buf;
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
*olen = 0;
if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{ {
*olen = 0;
return; return;
} }
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding extended_master_secret " MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding extended_master_secret "
"extension" ) ); "extension" ) );
if( end < p || (size_t)( end - p ) < 4 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
return;
}
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF );
@ -386,16 +477,24 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, size_t *olen ) unsigned char *buf, size_t *olen )
{ {
unsigned char *p = buf; unsigned char *p = buf;
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
size_t tlen = ssl->session_negotiate->ticket_len; size_t tlen = ssl->session_negotiate->ticket_len;
*olen = 0;
if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ) if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
{ {
*olen = 0;
return; return;
} }
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding session ticket extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding session ticket extension" ) );
if( end < p || (size_t)( end - p ) < 4 + tlen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
return;
}
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF );
@ -404,8 +503,7 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
*olen = 4; *olen = 4;
if( ssl->session_negotiate->ticket == NULL || if( ssl->session_negotiate->ticket == NULL || tlen == 0 )
ssl->session_negotiate->ticket_len == 0 )
{ {
return; return;
} }
@ -423,16 +521,28 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, size_t *olen ) unsigned char *buf, size_t *olen )
{ {
unsigned char *p = buf; unsigned char *p = buf;
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
size_t alpnlen = 0;
const char **cur; const char **cur;
*olen = 0;
if( ssl->conf->alpn_list == NULL ) if( ssl->conf->alpn_list == NULL )
{ {
*olen = 0;
return; return;
} }
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) );
for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
alpnlen += (unsigned char)( strlen( *cur ) & 0xFF ) + 1;
if( end < p || (size_t)( end - p ) < 6 + alpnlen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
return;
}
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF );
@ -799,13 +909,13 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
ext_len += olen; ext_len += olen;
#endif #endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_ALPN)
ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen ); ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen; ext_len += olen;
#endif #endif
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen ); ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen; ext_len += olen;
#endif #endif

11
reactos/dll/3rdparty/mbedtls/ssl_srv.c vendored
View file

@ -2351,6 +2351,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
size_t dn_size, total_dn_size; /* excluding length bytes */ size_t dn_size, total_dn_size; /* excluding length bytes */
size_t ct_len, sa_len; /* including length bytes */ size_t ct_len, sa_len; /* including length bytes */
unsigned char *buf, *p; unsigned char *buf, *p;
const unsigned char * const end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
const mbedtls_x509_crt *crt; const mbedtls_x509_crt *crt;
int authmode; int authmode;
@ -2471,10 +2472,14 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
total_dn_size = 0; total_dn_size = 0;
while( crt != NULL && crt->version != 0 ) while( crt != NULL && crt->version != 0 )
{ {
if( p - buf > 4096 )
break;
dn_size = crt->subject_raw.len; dn_size = crt->subject_raw.len;
if( end < p || (size_t)( end - p ) < 2 + dn_size )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) );
break;
}
*p++ = (unsigned char)( dn_size >> 8 ); *p++ = (unsigned char)( dn_size >> 8 );
*p++ = (unsigned char)( dn_size ); *p++ = (unsigned char)( dn_size );
memcpy( p, crt->subject_raw.p, dn_size ); memcpy( p, crt->subject_raw.p, dn_size );

9
reactos/dll/3rdparty/mbedtls/ssl_tls.c vendored
View file

@ -5707,7 +5707,9 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
( conf->psk_identity = mbedtls_calloc( 1, psk_identity_len ) ) == NULL ) ( conf->psk_identity = mbedtls_calloc( 1, psk_identity_len ) ) == NULL )
{ {
mbedtls_free( conf->psk ); mbedtls_free( conf->psk );
mbedtls_free( conf->psk_identity );
conf->psk = NULL; conf->psk = NULL;
conf->psk_identity = NULL;
return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
} }
@ -5730,7 +5732,7 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
if( ssl->handshake->psk != NULL ) if( ssl->handshake->psk != NULL )
mbedtls_free( ssl->conf->psk ); mbedtls_free( ssl->handshake->psk );
if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ) if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL )
{ {
@ -5833,6 +5835,9 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
if( hostname_len + 1 == 0 ) if( hostname_len + 1 == 0 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 ); ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 );
if( ssl->hostname == NULL ) if( ssl->hostname == NULL )
@ -6993,7 +6998,7 @@ static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = {
#endif #endif
/* /*
* Load default in mbetls_ssl_config * Load default in mbedtls_ssl_config
*/ */
int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
int endpoint, int transport, int preset ) int endpoint, int transport, int preset )

2
reactos/media/doc/3rd Party Files.txt
View file

@ -79,7 +79,7 @@ Used Version: 9a
Website: http://www.ijg.org/ Website: http://www.ijg.org/
Title: mbed TLS Title: mbed TLS
Used Version: 2.1.1 Used Version: 2.1.2
Website: https://tls.mbed.org/ Website: https://tls.mbed.org/
Title: libpng Title: libpng