Index: dll/3rdparty/mbedtls/base64.c =================================================================== --- dll/3rdparty/mbedtls/base64.c (revision 69463) +++ dll/3rdparty/mbedtls/base64.c (working copy) @@ -69,6 +69,8 @@ 49, 50, 51, 127, 127, 127, 127, 127 }; +#define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */ + /* * Encode a buffer into base64 format */ @@ -85,15 +87,16 @@ return( 0 ); } - n = ( slen << 3 ) / 6; + n = slen / 3 + ( slen % 3 != 0 ); - switch( ( slen << 3 ) - ( n * 6 ) ) + if( n > ( BASE64_SIZE_T_MAX - 1 ) / 4 ) { - case 2: n += 3; break; - case 4: n += 2; break; - default: break; + *olen = BASE64_SIZE_T_MAX; + return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); } + n *= 4; + if( dlen < n + 1 ) { *olen = n + 1; @@ -184,7 +187,10 @@ } if( n == 0 ) + { + *olen = 0; return( 0 ); + } n = ( ( n * 6 ) + 7 ) >> 3; n -= j; Index: dll/3rdparty/mbedtls/bignum.c =================================================================== --- dll/3rdparty/mbedtls/bignum.c (revision 69463) +++ dll/3rdparty/mbedtls/bignum.c (working copy) @@ -58,11 +58,14 @@ #define biL (ciL << 3) /* bits in limb */ #define biH (ciL << 2) /* half limb size */ +#define MPI_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */ + /* * Convert between bits/chars and number of limbs + * Divide first in order to avoid potential overflows */ -#define BITS_TO_LIMBS(i) (((i) + biL - 1) / biL) -#define CHARS_TO_LIMBS(i) (((i) + ciL - 1) / ciL) +#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) +#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) /* * Initialize one MPI @@ -409,6 +412,9 @@ if( radix == 16 ) { + if( slen > MPI_SIZE_T_MAX >> 2 ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + n = BITS_TO_LIMBS( slen << 2 ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n ) ); Index: dll/3rdparty/mbedtls/debug.c =================================================================== --- dll/3rdparty/mbedtls/debug.c (revision 69463) +++ dll/3rdparty/mbedtls/debug.c (working copy) @@ -42,7 +42,8 @@ #define mbedtls_snprintf snprintf #endif -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline) +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) #define inline __inline #endif Index: dll/3rdparty/mbedtls/ecp.c =================================================================== --- dll/3rdparty/mbedtls/ecp.c (revision 69463) +++ dll/3rdparty/mbedtls/ecp.c (working copy) @@ -62,7 +62,8 @@ #define mbedtls_free free #endif -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline) +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) #define inline __inline #endif Index: dll/3rdparty/mbedtls/ecp_curves.c =================================================================== --- dll/3rdparty/mbedtls/ecp_curves.c (revision 69463) +++ dll/3rdparty/mbedtls/ecp_curves.c (working copy) @@ -31,7 +31,8 @@ #include -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline) +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) #define inline __inline #endif Index: dll/3rdparty/mbedtls/net.c =================================================================== --- dll/3rdparty/mbedtls/net.c (revision 69463) +++ dll/3rdparty/mbedtls/net.c (working copy) @@ -292,7 +292,7 @@ struct sockaddr_storage client_addr; #if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \ - defined(_SOCKLEN_T_DECLARED) + defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) socklen_t n = (socklen_t) sizeof( client_addr ); socklen_t type_len = (socklen_t) sizeof( type ); #else Index: dll/3rdparty/mbedtls/pem.c =================================================================== --- dll/3rdparty/mbedtls/pem.c (revision 69463) +++ dll/3rdparty/mbedtls/pem.c (working copy) @@ -316,6 +316,9 @@ ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ } + if( s1 == s2 ) + return( MBEDTLS_ERR_PEM_INVALID_DATA ); + ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 ); if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER ) Index: dll/3rdparty/mbedtls/pkcs12.c =================================================================== --- dll/3rdparty/mbedtls/pkcs12.c (revision 69463) +++ dll/3rdparty/mbedtls/pkcs12.c (working copy) @@ -86,6 +86,8 @@ return( 0 ); } +#define PKCS12_MAX_PWDLEN 128 + static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_type_t md_type, const unsigned char *pwd, size_t pwdlen, unsigned char *key, size_t keylen, @@ -94,8 +96,11 @@ int ret, iterations; mbedtls_asn1_buf salt; size_t i; - unsigned char unipwd[258]; + unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2]; + if( pwdlen > PKCS12_MAX_PWDLEN ) + return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA ); + memset( &salt, 0, sizeof(mbedtls_asn1_buf) ); memset( &unipwd, 0, sizeof(unipwd) ); @@ -125,6 +130,8 @@ return( 0 ); } +#undef PKCS12_MAX_PWDLEN + int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t len, Index: dll/3rdparty/mbedtls/ssl_cli.c =================================================================== --- dll/3rdparty/mbedtls/ssl_cli.c (revision 69463) +++ dll/3rdparty/mbedtls/ssl_cli.c (working copy) @@ -60,6 +60,7 @@ size_t *olen ) { unsigned char *p = buf; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; size_t hostname_len; *olen = 0; @@ -72,6 +73,12 @@ hostname_len = strlen( ssl->hostname ); + if( end < p || (size_t)( end - p ) < hostname_len + 9 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + /* * struct { * NameType name_type; @@ -115,6 +122,7 @@ size_t *olen ) { unsigned char *p = buf; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; *olen = 0; @@ -123,6 +131,12 @@ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) ); + if( end < p || (size_t)( end - p ) < 5 + ssl->verify_data_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + /* * Secure renegotiation */ @@ -149,6 +163,7 @@ size_t *olen ) { unsigned char *p = buf; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; size_t sig_alg_len = 0; const int *md; #if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) @@ -162,9 +177,27 @@ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) ); + for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) + { +#if defined(MBEDTLS_ECDSA_C) + sig_alg_len += 2; +#endif +#if defined(MBEDTLS_RSA_C) + sig_alg_len += 2; +#endif + } + + if( end < p || (size_t)( end - p ) < sig_alg_len + 6 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + /* * Prepare signature_algorithms extension (TLS 1.2) */ + sig_alg_len = 0; + for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) { #if defined(MBEDTLS_ECDSA_C) @@ -214,6 +247,7 @@ size_t *olen ) { unsigned char *p = buf; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; unsigned char *elliptic_curve_list = p + 6; size_t elliptic_curve_len = 0; const mbedtls_ecp_curve_info *info; @@ -235,7 +269,26 @@ for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ ) { #endif + elliptic_curve_len += 2; + } + if( end < p || (size_t)( end - p ) < 6 + elliptic_curve_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + + elliptic_curve_len = 0; + +#if defined(MBEDTLS_ECP_C) + for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) + { + info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); +#else + for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ ) + { +#endif + elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8; elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF; } @@ -260,12 +313,18 @@ size_t *olen ) { unsigned char *p = buf; - ((void) ssl); + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; *olen = 0; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_point_formats extension" ) ); + if( end < p || (size_t)( end - p ) < 6 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF ); @@ -285,14 +344,22 @@ size_t *olen ) { unsigned char *p = buf; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; + *olen = 0; + if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) { - *olen = 0; return; } MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding max_fragment_length extension" ) ); + if( end < p || (size_t)( end - p ) < 5 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF ); @@ -310,15 +377,23 @@ unsigned char *buf, size_t *olen ) { unsigned char *p = buf; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; + *olen = 0; + if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ) { - *olen = 0; return; } MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding truncated_hmac extension" ) ); + if( end < p || (size_t)( end - p ) < 4 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF ); @@ -334,11 +409,13 @@ unsigned char *buf, size_t *olen ) { unsigned char *p = buf; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; + *olen = 0; + if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) { - *olen = 0; return; } @@ -345,6 +422,12 @@ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding encrypt_then_mac " "extension" ) ); + if( end < p || (size_t)( end - p ) < 4 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF ); @@ -360,11 +443,13 @@ unsigned char *buf, size_t *olen ) { unsigned char *p = buf; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; + *olen = 0; + if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) { - *olen = 0; return; } @@ -371,6 +456,12 @@ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding extended_master_secret " "extension" ) ); + if( end < p || (size_t)( end - p ) < 4 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF ); @@ -386,16 +477,24 @@ unsigned char *buf, size_t *olen ) { unsigned char *p = buf; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; size_t tlen = ssl->session_negotiate->ticket_len; + *olen = 0; + if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ) { - *olen = 0; return; } MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding session ticket extension" ) ); + if( end < p || (size_t)( end - p ) < 4 + tlen ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF ); @@ -404,8 +503,7 @@ *olen = 4; - if( ssl->session_negotiate->ticket == NULL || - ssl->session_negotiate->ticket_len == 0 ) + if( ssl->session_negotiate->ticket == NULL || tlen == 0 ) { return; } @@ -423,16 +521,28 @@ unsigned char *buf, size_t *olen ) { unsigned char *p = buf; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; + size_t alpnlen = 0; const char **cur; + *olen = 0; + if( ssl->conf->alpn_list == NULL ) { - *olen = 0; return; } MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) ); + for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ ) + alpnlen += (unsigned char)( strlen( *cur ) & 0xFF ) + 1; + + if( end < p || (size_t)( end - p ) < 6 + alpnlen ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF ); @@ -799,13 +909,13 @@ ext_len += olen; #endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen ); +#if defined(MBEDTLS_SSL_ALPN) + ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen ); ext_len += olen; #endif -#if defined(MBEDTLS_SSL_ALPN) - ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen ); +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen ); ext_len += olen; #endif Index: dll/3rdparty/mbedtls/ssl_srv.c =================================================================== --- dll/3rdparty/mbedtls/ssl_srv.c (revision 69463) +++ dll/3rdparty/mbedtls/ssl_srv.c (working copy) @@ -2351,6 +2351,7 @@ size_t dn_size, total_dn_size; /* excluding length bytes */ size_t ct_len, sa_len; /* including length bytes */ unsigned char *buf, *p; + const unsigned char * const end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; const mbedtls_x509_crt *crt; int authmode; @@ -2471,10 +2472,14 @@ total_dn_size = 0; while( crt != NULL && crt->version != 0 ) { - if( p - buf > 4096 ) + dn_size = crt->subject_raw.len; + + if( end < p || (size_t)( end - p ) < 2 + dn_size ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) ); break; + } - dn_size = crt->subject_raw.len; *p++ = (unsigned char)( dn_size >> 8 ); *p++ = (unsigned char)( dn_size ); memcpy( p, crt->subject_raw.p, dn_size ); Index: dll/3rdparty/mbedtls/ssl_tls.c =================================================================== --- dll/3rdparty/mbedtls/ssl_tls.c (revision 69463) +++ dll/3rdparty/mbedtls/ssl_tls.c (working copy) @@ -5707,7 +5707,9 @@ ( conf->psk_identity = mbedtls_calloc( 1, psk_identity_len ) ) == NULL ) { mbedtls_free( conf->psk ); + mbedtls_free( conf->psk_identity ); conf->psk = NULL; + conf->psk_identity = NULL; return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); } @@ -5730,7 +5732,7 @@ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); if( ssl->handshake->psk != NULL ) - mbedtls_free( ssl->conf->psk ); + mbedtls_free( ssl->handshake->psk ); if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ) { @@ -5833,6 +5835,9 @@ if( hostname_len + 1 == 0 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 ); if( ssl->hostname == NULL ) @@ -6993,7 +6998,7 @@ #endif /* - * Load default in mbetls_ssl_config + * Load default in mbedtls_ssl_config */ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, int endpoint, int transport, int preset ) Index: include/reactos/libs/mbedtls/base64.h =================================================================== --- include/reactos/libs/mbedtls/base64.h (revision 69463) +++ include/reactos/libs/mbedtls/base64.h (working copy) @@ -44,6 +44,9 @@ * \return 0 if successful, or MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL. * *olen is always updated to reflect the amount * of data that has (or would have) been written. + * If that length cannot be represented, then no data is + * written to the buffer and *olen is set to the maximum + * length representable as a size_t. * * \note Call this function with dlen = 0 to obtain the * required buffer size in *olen Index: include/reactos/libs/mbedtls/cipher.h =================================================================== --- include/reactos/libs/mbedtls/cipher.h (revision 69463) +++ include/reactos/libs/mbedtls/cipher.h (working copy) @@ -46,7 +46,8 @@ #define MBEDTLS_CIPHER_MODE_STREAM #endif -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline) +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) #define inline __inline #endif Index: include/reactos/libs/mbedtls/config.h =================================================================== --- include/reactos/libs/mbedtls/config.h (revision 69463) +++ include/reactos/libs/mbedtls/config.h (working copy) @@ -1246,6 +1246,8 @@ * If set, the X509 parser will not break-off when parsing an X509 certificate * and encountering an unknown critical extension. * + * \warning Depending on your PKI use, enabling this can be a security risk! + * * Uncomment to prevent an error. */ //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION Index: include/reactos/libs/mbedtls/ctr_drbg.h =================================================================== --- include/reactos/libs/mbedtls/ctr_drbg.h (revision 69463) +++ include/reactos/libs/mbedtls/ctr_drbg.h (working copy) @@ -111,7 +111,7 @@ /** * \brief CTR_DRBG context initialization - * Makes the context ready for mbetls_ctr_drbg_seed() or + * Makes the context ready for mbedtls_ctr_drbg_seed() or * mbedtls_ctr_drbg_free(). * * \param ctx CTR_DRBG context to be initialized Index: include/reactos/libs/mbedtls/hmac_drbg.h =================================================================== --- include/reactos/libs/mbedtls/hmac_drbg.h (revision 69463) +++ include/reactos/libs/mbedtls/hmac_drbg.h (working copy) @@ -98,7 +98,7 @@ /** * \brief HMAC_DRBG context initialization - * Makes the context ready for mbetls_hmac_drbg_seed(), + * Makes the context ready for mbedtls_hmac_drbg_seed(), * mbedtls_hmac_drbg_seed_buf() or * mbedtls_hmac_drbg_free(). * Index: include/reactos/libs/mbedtls/md.h =================================================================== --- include/reactos/libs/mbedtls/md.h (revision 69463) +++ include/reactos/libs/mbedtls/md.h (working copy) @@ -27,10 +27,6 @@ #include -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline) -#define inline __inline -#endif - #define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */ #define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */ #define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */ Index: include/reactos/libs/mbedtls/pk.h =================================================================== --- include/reactos/libs/mbedtls/pk.h (revision 69463) +++ include/reactos/libs/mbedtls/pk.h (working copy) @@ -44,6 +44,11 @@ #include "ecdsa.h" #endif +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 /**< Memory allocation failed. */ #define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00 /**< Type mismatch, eg attempt to encrypt with an ECDSA key */ #define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 /**< Bad input parameters to function. */ @@ -59,7 +64,6 @@ #define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */ #define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The signature is valid but its length is less than expected. */ - #ifdef __cplusplus extern "C" { #endif Index: include/reactos/libs/mbedtls/pkcs11.h =================================================================== --- include/reactos/libs/mbedtls/pkcs11.h (revision 69463) +++ include/reactos/libs/mbedtls/pkcs11.h (working copy) @@ -37,7 +37,8 @@ #include -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline) +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) #define inline __inline #endif @@ -54,7 +55,7 @@ } mbedtls_pkcs11_context; /** - * Initialize a mbetls_pkcs11_context. + * Initialize a mbedtls_pkcs11_context. * (Just making memory references valid.) */ void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx ); Index: include/reactos/libs/mbedtls/ssl.h =================================================================== --- include/reactos/libs/mbedtls/ssl.h (revision 69463) +++ include/reactos/libs/mbedtls/ssl.h (working copy) @@ -139,6 +139,8 @@ #define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */ #define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ +#define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */ + /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c * NONE must be zero so that memset()ing structure to zero works */ #define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */ @@ -840,7 +842,7 @@ /** * \brief Initialize an SSL context - * Just makes the context ready for mbetls_ssl_setup() or + * Just makes the context ready for mbedtls_ssl_setup() or * mbedtls_ssl_free() * * \param ssl SSL context Index: include/reactos/libs/mbedtls/ssl_internal.h =================================================================== --- include/reactos/libs/mbedtls/ssl_internal.h (revision 69463) +++ include/reactos/libs/mbedtls/ssl_internal.h (working copy) @@ -41,7 +41,8 @@ #include "sha512.h" #endif -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline) +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) #define inline __inline #endif Index: include/reactos/libs/mbedtls/timing.h =================================================================== --- include/reactos/libs/mbedtls/timing.h (revision 69463) +++ include/reactos/libs/mbedtls/timing.h (working copy) @@ -92,7 +92,7 @@ * (See \c mbedtls_timing_get_delay().) * * \param data Pointer to timing data - * Must point to a valid \c mbetls_timing_delay_context struct. + * Must point to a valid \c mbedtls_timing_delay_context struct. * \param int_ms First (intermediate) delay in milliseconds. * \param fin_ms Second (final) delay in milliseconds. * Pass 0 to cancel the current delay. @@ -104,7 +104,7 @@ * (Memory helper: number of delays passed.) * * \param data Pointer to timing data - * Must point to a valid \c mbetls_timing_delay_context struct. + * Must point to a valid \c mbedtls_timing_delay_context struct. * * \return -1 if cancelled (fin_ms = 0) * 0 if none of the delays are passed, Index: include/reactos/libs/mbedtls/version.h =================================================================== --- include/reactos/libs/mbedtls/version.h (revision 69463) +++ include/reactos/libs/mbedtls/version.h (working copy) @@ -39,7 +39,7 @@ */ #define MBEDTLS_VERSION_MAJOR 2 #define MBEDTLS_VERSION_MINOR 1 -#define MBEDTLS_VERSION_PATCH 1 +#define MBEDTLS_VERSION_PATCH 2 /** * The single version number has the following structure: @@ -46,9 +46,9 @@ * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02010100 -#define MBEDTLS_VERSION_STRING "2.1.1" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.1.1" +#define MBEDTLS_VERSION_NUMBER 0x02010200 +#define MBEDTLS_VERSION_STRING "2.1.2" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.1.2" #if defined(MBEDTLS_VERSION_C)