[akhaldi] 69512: [MBEDTLS] Update to v2.1.2. By Ismael Ferreras Morezuelas. CORE-10318 - Ros-diffs

12 Oct 2015

Author: akhaldi
Date: Mon Oct 12 12:47:42 2015
New Revision: 69512
URL: http://svn.reactos.org/svn/reactos?rev=69512&view=rev
Log:
[MBEDTLS] Update to v2.1.2. By Ismael Ferreras Morezuelas. CORE-10318
Modified:
    trunk/reactos/dll/3rdparty/mbedtls/base64.c
    trunk/reactos/dll/3rdparty/mbedtls/bignum.c
    trunk/reactos/dll/3rdparty/mbedtls/debug.c
    trunk/reactos/dll/3rdparty/mbedtls/ecp.c
    trunk/reactos/dll/3rdparty/mbedtls/ecp_curves.c
    trunk/reactos/dll/3rdparty/mbedtls/net.c
    trunk/reactos/dll/3rdparty/mbedtls/pem.c
    trunk/reactos/dll/3rdparty/mbedtls/pkcs12.c
    trunk/reactos/dll/3rdparty/mbedtls/ssl_cli.c
    trunk/reactos/dll/3rdparty/mbedtls/ssl_srv.c
    trunk/reactos/dll/3rdparty/mbedtls/ssl_tls.c
    trunk/reactos/media/doc/3rd Party Files.txt
Modified: trunk/reactos/dll/3rdparty/mbedtls/base64.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/base64...
==============================================================================

--- trunk/reactos/dll/3rdparty/mbedtls/base64.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/base64.c	[iso-8859-1] Mon Oct 12 12:47:42 2015
@@ -69,6 +69,8 @@
      49,  50,  51, 127, 127, 127, 127, 127
 };
+#define BASE64_SIZE_T_MAX   ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
+
 /*
  * Encode a buffer into base64 format
  */
@@ -85,14 +87,15 @@
         return( 0 );
     }
-    n = ( slen << 3 ) / 6;
-
-    switch( ( slen << 3 ) - ( n * 6 ) )
-    {
-        case  2: n += 3; break;
-        case  4: n += 2; break;
-        default: break;
-    }
+    n = slen / 3 + ( slen % 3 != 0 );
+
+    if( n > ( BASE64_SIZE_T_MAX - 1 ) / 4 )
+    {
+        *olen = BASE64_SIZE_T_MAX;
+        return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+    }
+
+    n *= 4;
if( dlen < n + 1 )
     {
@@ -184,7 +187,10 @@
     }
if( n == 0 )
+    {
+        *olen = 0;
         return( 0 );
+    }
n = ( ( n * 6 ) + 7 ) >> 3;
     n -= j;
Modified: trunk/reactos/dll/3rdparty/mbedtls/bignum.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/bignum...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/bignum.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/bignum.c	[iso-8859-1] Mon Oct 12 12:47:42 2015
@@ -58,11 +58,14 @@
 #define biL    (ciL << 3)               /* bits  in limb  */
 #define biH    (ciL << 2)               /* half limb size */
+#define MPI_SIZE_T_MAX  ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
+
 /*
  * Convert between bits/chars and number of limbs
- */
-#define BITS_TO_LIMBS(i)  (((i) + biL - 1) / biL)
-#define CHARS_TO_LIMBS(i) (((i) + ciL - 1) / ciL)
+ * Divide first in order to avoid potential overflows
+ */
+#define BITS_TO_LIMBS(i)  ( (i) / biL + ( (i) % biL != 0 ) )
+#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) )
/*
  * Initialize one MPI
@@ -409,6 +412,9 @@
if( radix == 16 )
     {
+        if( slen > MPI_SIZE_T_MAX >> 2 )
+            return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
         n = BITS_TO_LIMBS( slen << 2 );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n ) );
Modified: trunk/reactos/dll/3rdparty/mbedtls/debug.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/debug....
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/debug.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/debug.c	[iso-8859-1] Mon Oct 12 12:47:42 2015
@@ -42,7 +42,8 @@
 #define mbedtls_snprintf    snprintf
 #endif
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline)
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
 #define inline __inline
 #endif
Modified: trunk/reactos/dll/3rdparty/mbedtls/ecp.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/ecp.c?...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/ecp.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/ecp.c	[iso-8859-1] Mon Oct 12 12:47:42 2015
@@ -62,7 +62,8 @@
 #define mbedtls_free       free
 #endif
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline)
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
 #define inline __inline
 #endif
Modified: trunk/reactos/dll/3rdparty/mbedtls/ecp_curves.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/ecp_cu...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/ecp_curves.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/ecp_curves.c	[iso-8859-1] Mon Oct 12 12:47:42 2015
@@ -31,7 +31,8 @@
#include <string.h>
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline)
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
 #define inline __inline
 #endif
Modified: trunk/reactos/dll/3rdparty/mbedtls/net.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/net.c?...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/net.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/net.c	[iso-8859-1] Mon Oct 12 12:47:42 2015
@@ -292,7 +292,7 @@
     struct sockaddr_storage client_addr;
#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) ||  \
-    defined(_SOCKLEN_T_DECLARED)
+    defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t)
     socklen_t n = (socklen_t) sizeof( client_addr );
     socklen_t type_len = (socklen_t) sizeof( type );
 #else
Modified: trunk/reactos/dll/3rdparty/mbedtls/pem.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/pem.c?...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/pem.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/pem.c	[iso-8859-1] Mon Oct 12 12:47:42 2015
@@ -316,6 +316,9 @@
           ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
     }
+    if( s1 == s2 )
+        return( MBEDTLS_ERR_PEM_INVALID_DATA );
+
     ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 );
if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER )
Modified: trunk/reactos/dll/3rdparty/mbedtls/pkcs12.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/pkcs12...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/pkcs12.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/pkcs12.c	[iso-8859-1] Mon Oct 12 12:47:42 2015
@@ -86,6 +86,8 @@
     return( 0 );
 }
+#define PKCS12_MAX_PWDLEN 128
+
 static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_type_t md_type,
                                      const unsigned char *pwd,  size_t pwdlen,
                                      unsigned char *key, size_t keylen,
@@ -94,7 +96,10 @@
     int ret, iterations;
     mbedtls_asn1_buf salt;
     size_t i;
-    unsigned char unipwd[258];
+    unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2];
+
+    if( pwdlen > PKCS12_MAX_PWDLEN )
+        return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
memset( &salt, 0, sizeof(mbedtls_asn1_buf) );
     memset( &unipwd, 0, sizeof(unipwd) );
@@ -124,6 +129,8 @@
     }
     return( 0 );
 }
+
+#undef PKCS12_MAX_PWDLEN
int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
                              const unsigned char *pwd,  size_t pwdlen,
Modified: trunk/reactos/dll/3rdparty/mbedtls/ssl_cli.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/ssl_cl...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/ssl_cli.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/ssl_cli.c	[iso-8859-1] Mon Oct 12 12:47:42 2015
@@ -60,6 +60,7 @@
                                     size_t *olen )
 {
     unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
     size_t hostname_len;
*olen = 0;
@@ -71,6 +72,12 @@
                    ssl->hostname ) );
hostname_len = strlen( ssl->hostname );
+
+    if( end < p || (size_t)( end - p ) < hostname_len + 9 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
/*
      * struct {
@@ -115,6 +122,7 @@
                                          size_t *olen )
 {
     unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
*olen = 0;
@@ -122,6 +130,12 @@
         return;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) );
+
+    if( end < p || (size_t)( end - p ) < 5 + ssl->verify_data_len )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
/*
      * Secure renegotiation
@@ -149,6 +163,7 @@
                                                 size_t *olen )
 {
     unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
     size_t sig_alg_len = 0;
     const int *md;
 #if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C)
@@ -162,9 +177,27 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) );
+    for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
+    {
+#if defined(MBEDTLS_ECDSA_C)
+        sig_alg_len += 2;
+#endif
+#if defined(MBEDTLS_RSA_C)
+        sig_alg_len += 2;
+#endif
+    }
+
+    if( end < p || (size_t)( end - p ) < sig_alg_len + 6 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
+
     /*
      * Prepare signature_algorithms extension (TLS 1.2)
      */
+    sig_alg_len = 0;
+
     for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
     {
 #if defined(MBEDTLS_ECDSA_C)
@@ -214,6 +247,7 @@
                                                      size_t *olen )
 {
     unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
     unsigned char *elliptic_curve_list = p + 6;
     size_t elliptic_curve_len = 0;
     const mbedtls_ecp_curve_info *info;
@@ -235,6 +269,25 @@
     for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ )
     {
 #endif
+        elliptic_curve_len += 2;
+    }
+
+    if( end < p || (size_t)( end - p ) < 6 + elliptic_curve_len )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
+
+    elliptic_curve_len = 0;
+
+#if defined(MBEDTLS_ECP_C)
+    for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
+    {
+        info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
+#else
+    for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ )
+    {
+#endif
elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8;
         elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF;
@@ -260,11 +313,17 @@
                                                    size_t *olen )
 {
     unsigned char *p = buf;
-    ((void) ssl);
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
*olen = 0;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_point_formats extension" ) );
+
+    if( end < p || (size_t)( end - p ) < 6 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF );
     *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS      ) & 0xFF );
@@ -285,13 +344,21 @@
                                                size_t *olen )
 {
     unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
+
+    *olen = 0;
if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) {
-        *olen = 0;
         return;
     }
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding max_fragment_length extension" ) );
+
+    if( end < p || (size_t)( end - p ) < 5 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF );
     *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH      ) & 0xFF );
@@ -310,14 +377,22 @@
                                           unsigned char *buf, size_t *olen )
 {
     unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
+
+    *olen = 0;
if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
     {
-        *olen = 0;
         return;
     }
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding truncated_hmac extension" ) );
+
+    if( end < p || (size_t)( end - p ) < 4 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF );
     *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC      ) & 0xFF );
@@ -334,16 +409,24 @@
                                        unsigned char *buf, size_t *olen )
 {
     unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
+
+    *olen = 0;
if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
         ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
     {
-        *olen = 0;
         return;
     }
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding encrypt_then_mac "
                         "extension" ) );
+
+    if( end < p || (size_t)( end - p ) < 4 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF );
     *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC      ) & 0xFF );
@@ -360,16 +443,24 @@
                                        unsigned char *buf, size_t *olen )
 {
     unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
+
+    *olen = 0;
if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
         ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
     {
-        *olen = 0;
         return;
     }
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding extended_master_secret "
                         "extension" ) );
+
+    if( end < p || (size_t)( end - p ) < 4 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF );
     *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET      ) & 0xFF );
@@ -386,15 +477,23 @@
                                           unsigned char *buf, size_t *olen )
 {
     unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
     size_t tlen = ssl->session_negotiate->ticket_len;
+    *olen = 0;
+
     if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
     {
-        *olen = 0;
         return;
     }
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding session ticket extension" ) );
+
+    if( end < p || (size_t)( end - p ) < 4 + tlen )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF );
     *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET      ) & 0xFF );
@@ -404,8 +503,7 @@
*olen = 4;
-    if( ssl->session_negotiate->ticket == NULL ||
-        ssl->session_negotiate->ticket_len == 0 )
+    if( ssl->session_negotiate->ticket == NULL || tlen == 0 )
     {
         return;
     }
@@ -423,15 +521,27 @@
                                 unsigned char *buf, size_t *olen )
 {
     unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
+    size_t alpnlen = 0;
     const char **cur;
+    *olen = 0;
+
     if( ssl->conf->alpn_list == NULL )
     {
-        *olen = 0;
         return;
     }
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) );
+
+    for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
+        alpnlen += (unsigned char)( strlen( *cur ) & 0xFF ) + 1;
+
+    if( end < p || (size_t)( end - p ) < 6 + alpnlen )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF );
     *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN      ) & 0xFF );
@@ -799,13 +909,13 @@
     ext_len += olen;
 #endif
+#if defined(MBEDTLS_SSL_ALPN)
+    ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+#endif
+
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
     ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_ALPN)
-    ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
     ext_len += olen;
 #endif
Modified: trunk/reactos/dll/3rdparty/mbedtls/ssl_srv.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/ssl_sr...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/ssl_srv.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/ssl_srv.c	[iso-8859-1] Mon Oct 12 12:47:42 2015
@@ -2351,6 +2351,7 @@
     size_t dn_size, total_dn_size; /* excluding length bytes */
     size_t ct_len, sa_len; /* including length bytes */
     unsigned char *buf, *p;
+    const unsigned char * const end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
     const mbedtls_x509_crt *crt;
     int authmode;
@@ -2471,10 +2472,14 @@
     total_dn_size = 0;
     while( crt != NULL && crt->version != 0 )
     {
-        if( p - buf > 4096 )
+        dn_size = crt->subject_raw.len;
+
+        if( end < p || (size_t)( end - p ) < 2 + dn_size )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) );
             break;
-
-        dn_size = crt->subject_raw.len;
+        }
+
         *p++ = (unsigned char)( dn_size >> 8 );
         *p++ = (unsigned char)( dn_size      );
         memcpy( p, crt->subject_raw.p, dn_size );
Modified: trunk/reactos/dll/3rdparty/mbedtls/ssl_tls.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/ssl_tl...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/ssl_tls.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/ssl_tls.c	[iso-8859-1] Mon Oct 12 12:47:42 2015
@@ -5707,7 +5707,9 @@
         ( conf->psk_identity = mbedtls_calloc( 1, psk_identity_len ) ) == NULL )
     {
         mbedtls_free( conf->psk );
+        mbedtls_free( conf->psk_identity );
         conf->psk = NULL;
+        conf->psk_identity = NULL;
         return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
     }
@@ -5730,7 +5732,7 @@
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
if( ssl->handshake->psk != NULL )
-        mbedtls_free( ssl->conf->psk );
+        mbedtls_free( ssl->handshake->psk );
if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL )
     {
@@ -5831,6 +5833,9 @@
     hostname_len = strlen( hostname );
if( hostname_len + 1 == 0 )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 );
@@ -6993,7 +6998,7 @@
 #endif
/*
- * Load default in mbetls_ssl_config
+ * Load default in mbedtls_ssl_config
  */
 int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
                                  int endpoint, int transport, int preset )
Modified: trunk/reactos/media/doc/3rd Party Files.txt
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/media/doc/3rd%20Party%20Fil...
==============================================================================
--- trunk/reactos/media/doc/3rd Party Files.txt	[iso-8859-1] (original)
+++ trunk/reactos/media/doc/3rd Party Files.txt	[iso-8859-1] Mon Oct 12 12:47:42 2015
@@ -79,7 +79,7 @@
 Website: http://www.ijg.org/
Title: mbed TLS
-Used Version: 2.1.1
+Used Version: 2.1.2
 Website: https://tls.mbed.org/
Title: libpng

    