mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-28 00:21:48 +03:00
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
This commit is contained in:
Ronald Cron
@ -86,6 +86,7 @@ int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl )
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
|
||||
unsigned char *buf,
|
||||
size_t len,
|
||||
@ -157,11 +158,16 @@ exit:
|
||||
static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl,
|
||||
uint8_t slot );
|
||||
static void ssl_free_buffered_record( mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_load_buffered_message( mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_load_buffered_record( mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_buffer_message( mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_buffer_future_record( mbedtls_ssl_context *ssl,
|
||||
mbedtls_record const *rec );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl );
|
||||
|
||||
static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl )
|
||||
@ -179,6 +185,7 @@ static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl )
|
||||
return( out_buf_len );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_get_remaining_space_in_datagram( mbedtls_ssl_context const *ssl )
|
||||
{
|
||||
size_t const bytes_written = ssl->out_left;
|
||||
@ -195,6 +202,7 @@ static int ssl_get_remaining_space_in_datagram( mbedtls_ssl_context const *ssl )
|
||||
return( (int) ( mtu - bytes_written ) );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
@ -246,6 +254,7 @@ static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl
|
||||
* Double the retransmit timeout value, within the allowed range,
|
||||
* returning -1 if the maximum value has already been reached.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
uint32_t new_timeout;
|
||||
@ -329,6 +338,7 @@ static size_t ssl_compute_padding_length( size_t len,
|
||||
* - A negative error code if `max_len` didn't offer enough space
|
||||
* for the expansion.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_build_inner_plaintext( unsigned char *content,
|
||||
size_t *content_size,
|
||||
size_t remaining,
|
||||
@ -356,6 +366,7 @@ static int ssl_build_inner_plaintext( unsigned char *content,
|
||||
|
||||
/* This function parses a (D)TLSInnerPlaintext structure.
|
||||
* See ssl_build_inner_plaintext() for details. */
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_inner_plaintext( unsigned char const *content,
|
||||
size_t *content_size,
|
||||
uint8_t *rec_type )
|
||||
@ -469,6 +480,7 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
|
||||
#if defined(MBEDTLS_GCM_C) || \
|
||||
defined(MBEDTLS_CCM_C) || \
|
||||
defined(MBEDTLS_CHACHAPOLY_C)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_transform_aead_dynamic_iv_is_explicit(
|
||||
mbedtls_ssl_transform const *transform )
|
||||
{
|
||||
@ -2066,6 +2078,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
|
||||
/*
|
||||
* Append current handshake message to current outgoing flight
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_flight_append( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
mbedtls_ssl_flight_item *msg;
|
||||
@ -2132,6 +2145,7 @@ void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight )
|
||||
/*
|
||||
* Swap transform_out and out_ctr with the alternative ones
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_swap_epochs( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
mbedtls_ssl_transform *tmp_transform;
|
||||
@ -2767,6 +2781,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush )
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
if( ssl->in_msglen < ssl->in_hslen ||
|
||||
@ -2792,6 +2807,7 @@ static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context const *ssl )
|
||||
ssl->in_msg[8] );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_check_hs_header( mbedtls_ssl_context const *ssl )
|
||||
{
|
||||
uint32_t msg_len, frag_off, frag_len;
|
||||
@ -2858,6 +2874,7 @@ static void ssl_bitmask_set( unsigned char *mask, size_t offset, size_t len )
|
||||
/*
|
||||
* Check that bitmask is full
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_bitmask_check( unsigned char *mask, size_t len )
|
||||
{
|
||||
size_t i;
|
||||
@ -3057,6 +3074,7 @@ static inline uint64_t ssl_load_six_bytes( unsigned char *buf )
|
||||
( (uint64_t) buf[5] ) );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int mbedtls_ssl_dtls_record_replay_check( mbedtls_ssl_context *ssl, uint8_t *record_in_ctr )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
@ -3139,8 +3157,8 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl )
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
|
||||
/*
|
||||
* Without any SSL context, check if a datagram looks like a ClientHello with
|
||||
* a valid cookie, and if it doesn't, generate a HelloVerifyRequest message.
|
||||
* Check if a datagram looks like a ClientHello with a valid cookie,
|
||||
* and if it doesn't, generate a HelloVerifyRequest message.
|
||||
* Both input and output include full DTLS headers.
|
||||
*
|
||||
* - if cookie is valid, return 0
|
||||
@ -3149,15 +3167,15 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl )
|
||||
* return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
|
||||
* - otherwise return a specific error code
|
||||
*/
|
||||
static int ssl_check_dtls_clihlo_cookie(
|
||||
mbedtls_ssl_cookie_write_t *f_cookie_write,
|
||||
mbedtls_ssl_cookie_check_t *f_cookie_check,
|
||||
void *p_cookie,
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
MBEDTLS_STATIC_TESTABLE
|
||||
int mbedtls_ssl_check_dtls_clihlo_cookie(
|
||||
mbedtls_ssl_context *ssl,
|
||||
const unsigned char *cli_id, size_t cli_id_len,
|
||||
const unsigned char *in, size_t in_len,
|
||||
unsigned char *obuf, size_t buf_len, size_t *olen )
|
||||
{
|
||||
size_t sid_len, cookie_len;
|
||||
size_t sid_len, cookie_len, epoch, fragment_offset;
|
||||
unsigned char *p;
|
||||
|
||||
/*
|
||||
@ -3186,26 +3204,55 @@ static int ssl_check_dtls_clihlo_cookie(
|
||||
*
|
||||
* Minimum length is 61 bytes.
|
||||
*/
|
||||
if( in_len < 61 ||
|
||||
in[0] != MBEDTLS_SSL_MSG_HANDSHAKE ||
|
||||
in[3] != 0 || in[4] != 0 ||
|
||||
in[19] != 0 || in[20] != 0 || in[21] != 0 )
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: in_len=%u",
|
||||
(unsigned) in_len ) );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "cli_id", cli_id, cli_id_len );
|
||||
if( in_len < 61 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: record too short" ) );
|
||||
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||
}
|
||||
|
||||
epoch = MBEDTLS_GET_UINT16_BE( in, 3 );
|
||||
fragment_offset = MBEDTLS_GET_UINT24_BE( in, 19 );
|
||||
|
||||
if( in[0] != MBEDTLS_SSL_MSG_HANDSHAKE || epoch != 0 ||
|
||||
fragment_offset != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: not a good ClientHello" ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( " type=%u epoch=%u fragment_offset=%u",
|
||||
in[0], (unsigned) epoch,
|
||||
(unsigned) fragment_offset ) );
|
||||
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||
}
|
||||
|
||||
sid_len = in[59];
|
||||
if( sid_len > in_len - 61 )
|
||||
if( 59 + 1 + sid_len + 1 > in_len )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: sid_len=%u > %u",
|
||||
(unsigned) sid_len,
|
||||
(unsigned) in_len - 61 ) );
|
||||
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||
}
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "sid received from network",
|
||||
in + 60, sid_len );
|
||||
|
||||
cookie_len = in[60 + sid_len];
|
||||
if( cookie_len > in_len - 60 )
|
||||
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||
|
||||
if( f_cookie_check( p_cookie, in + sid_len + 61, cookie_len,
|
||||
cli_id, cli_id_len ) == 0 )
|
||||
if( 59 + 1 + sid_len + 1 + cookie_len > in_len )
|
||||
{
|
||||
/* Valid cookie */
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: cookie_len=%u > %u",
|
||||
(unsigned) cookie_len,
|
||||
(unsigned) ( in_len - sid_len - 61 ) ) );
|
||||
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "cookie received from network",
|
||||
in + sid_len + 61, cookie_len );
|
||||
if( ssl->conf->f_cookie_check( ssl->conf->p_cookie,
|
||||
in + sid_len + 61, cookie_len,
|
||||
cli_id, cli_id_len ) == 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: valid" ) );
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
@ -3240,8 +3287,9 @@ static int ssl_check_dtls_clihlo_cookie(
|
||||
|
||||
/* Generate and write actual cookie */
|
||||
p = obuf + 28;
|
||||
if( f_cookie_write( p_cookie,
|
||||
&p, obuf + buf_len, cli_id, cli_id_len ) != 0 )
|
||||
if( ssl->conf->f_cookie_write( ssl->conf->p_cookie,
|
||||
&p, obuf + buf_len,
|
||||
cli_id, cli_id_len ) != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
@ -3280,6 +3328,7 @@ static int ssl_check_dtls_clihlo_cookie(
|
||||
* includes the case of MBEDTLS_ERR_SSL_CLIENT_RECONNECT and of unexpected
|
||||
* errors, and is the right thing to do in both cases).
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
@ -3295,15 +3344,13 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
ret = ssl_check_dtls_clihlo_cookie(
|
||||
ssl->conf->f_cookie_write,
|
||||
ssl->conf->f_cookie_check,
|
||||
ssl->conf->p_cookie,
|
||||
ret = mbedtls_ssl_check_dtls_clihlo_cookie(
|
||||
ssl,
|
||||
ssl->cli_id, ssl->cli_id_len,
|
||||
ssl->in_buf, ssl->in_left,
|
||||
ssl->out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_dtls_clihlo_cookie", ret );
|
||||
MBEDTLS_SSL_DEBUG_RET( 2, "mbedtls_ssl_check_dtls_clihlo_cookie", ret );
|
||||
|
||||
if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
|
||||
{
|
||||
@ -3337,6 +3384,7 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_check_record_type( uint8_t record_type )
|
||||
{
|
||||
if( record_type != MBEDTLS_SSL_MSG_HANDSHAKE &&
|
||||
@ -3369,6 +3417,7 @@ static int ssl_check_record_type( uint8_t record_type )
|
||||
* Point 2 is needed when the peer is resending, and we have already received
|
||||
* the first record from a datagram but are still waiting for the others.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
|
||||
unsigned char *buf,
|
||||
size_t len,
|
||||
@ -3481,7 +3530,6 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
|
||||
/*
|
||||
* Parse and validate record version
|
||||
*/
|
||||
|
||||
rec->ver[0] = buf[ rec_hdr_version_offset + 0 ];
|
||||
rec->ver[1] = buf[ rec_hdr_version_offset + 1 ];
|
||||
tls_version = mbedtls_ssl_read_version( buf + rec_hdr_version_offset,
|
||||
@ -3489,10 +3537,12 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
|
||||
|
||||
if( tls_version > ssl->conf->max_tls_version )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS version mismatch" ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS version mismatch: got %u, expected max %u",
|
||||
(unsigned) tls_version,
|
||||
(unsigned) ssl->conf->max_tls_version) );
|
||||
|
||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
}
|
||||
|
||||
/*
|
||||
* Parse/Copy record sequence number.
|
||||
*/
|
||||
@ -3594,6 +3644,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
|
||||
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1];
|
||||
@ -3623,6 +3674,7 @@ static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl )
|
||||
/*
|
||||
* If applicable, decrypt record content
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
|
||||
mbedtls_record *rec )
|
||||
{
|
||||
@ -3757,7 +3809,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
|
||||
|
||||
/* Check actual (decrypted) record content length against
|
||||
* configured maximum. */
|
||||
if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN )
|
||||
if( rec->data_len > MBEDTLS_SSL_IN_CONTENT_LEN )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
|
||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
@ -3775,8 +3827,11 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
|
||||
*/
|
||||
|
||||
/* Helper functions for mbedtls_ssl_read_record(). */
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_consume_current_message( mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_get_next_record( mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl );
|
||||
|
||||
int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
|
||||
@ -3864,6 +3919,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
if( ssl->in_left > ssl->next_record_offset )
|
||||
@ -3872,6 +3928,7 @@ static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl )
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_load_buffered_message( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
|
||||
@ -3969,6 +4026,7 @@ exit:
|
||||
return( ret );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_buffer_make_space( mbedtls_ssl_context *ssl,
|
||||
size_t desired )
|
||||
{
|
||||
@ -4011,6 +4069,7 @@ static int ssl_buffer_make_space( mbedtls_ssl_context *ssl,
|
||||
return( -1 );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_buffer_message( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = 0;
|
||||
@ -4215,6 +4274,7 @@ exit:
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_consume_current_message( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
/*
|
||||
@ -4302,6 +4362,7 @@ static int ssl_consume_current_message( mbedtls_ssl_context *ssl )
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
if( ssl->in_msglen > 0 )
|
||||
@ -4328,6 +4389,7 @@ static void ssl_free_buffered_record( mbedtls_ssl_context *ssl )
|
||||
}
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_load_buffered_record( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
|
||||
@ -4385,6 +4447,7 @@ exit:
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_buffer_future_record( mbedtls_ssl_context *ssl,
|
||||
mbedtls_record const *rec )
|
||||
{
|
||||
@ -4443,6 +4506,7 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl,
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_get_next_record( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
@ -5193,6 +5257,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
|
||||
/*
|
||||
* Check record counters and renegotiate if they're above the limit.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
size_t ep_len = mbedtls_ssl_ep_len( ssl );
|
||||
@ -5232,6 +5297,7 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
|
||||
* and having a helper function allows to distinguish between TLS <= 1.2 and
|
||||
* TLS 1.3 in the future without bloating the logic of mbedtls_ssl_read().
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
@ -5549,6 +5615,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
||||
* Therefore, it is possible that the input message length is 0 and the
|
||||
* corresponding return code is 0 on success.
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_real( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf, size_t len )
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user