[tfaber] 75100: [MBEDTLS] - Update to version 2.4.2 CORE-13451 - Ros-diffs

18 Jun 2017

Author: tfaber
Date: Sun Jun 18 17:25:30 2017
New Revision: 75100
URL: http://svn.reactos.org/svn/reactos?rev=75100&view=rev
Log:
[MBEDTLS]
- Update to version 2.4.2
CORE-13451
Modified:
    trunk/reactos/dll/3rdparty/mbedtls/base64.c
    trunk/reactos/dll/3rdparty/mbedtls/bignum.c
    trunk/reactos/dll/3rdparty/mbedtls/cipher.c
    trunk/reactos/dll/3rdparty/mbedtls/cmac.c
    trunk/reactos/dll/3rdparty/mbedtls/ctr_drbg.c
    trunk/reactos/dll/3rdparty/mbedtls/debug.c
    trunk/reactos/dll/3rdparty/mbedtls/ecp_curves.c
    trunk/reactos/dll/3rdparty/mbedtls/md2.c
    trunk/reactos/dll/3rdparty/mbedtls/net_sockets.c
    trunk/reactos/dll/3rdparty/mbedtls/pem.c
    trunk/reactos/dll/3rdparty/mbedtls/pk.c
    trunk/reactos/dll/3rdparty/mbedtls/pk_wrap.c
    trunk/reactos/dll/3rdparty/mbedtls/pkparse.c
    trunk/reactos/dll/3rdparty/mbedtls/platform.c
    trunk/reactos/dll/3rdparty/mbedtls/ssl_cookie.c
    trunk/reactos/dll/3rdparty/mbedtls/ssl_tls.c
    trunk/reactos/dll/3rdparty/mbedtls/x509.c
    trunk/reactos/dll/3rdparty/mbedtls/x509_crl.c
    trunk/reactos/dll/3rdparty/mbedtls/x509_crt.c
    trunk/reactos/dll/3rdparty/mbedtls/x509_csr.c
    trunk/reactos/sdk/include/reactos/libs/mbedtls/cmac.h
    trunk/reactos/sdk/include/reactos/libs/mbedtls/compat-1.3.h
    trunk/reactos/sdk/include/reactos/libs/mbedtls/config.h
    trunk/reactos/sdk/include/reactos/libs/mbedtls/rsa.h
    trunk/reactos/sdk/include/reactos/libs/mbedtls/ssl.h
    trunk/reactos/sdk/include/reactos/libs/mbedtls/version.h
    trunk/reactos/sdk/include/reactos/libs/mbedtls/x509.h
Modified: trunk/reactos/dll/3rdparty/mbedtls/base64.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/base64...
==============================================================================

--- trunk/reactos/dll/3rdparty/mbedtls/base64.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/base64.c	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -194,7 +194,11 @@
         return( 0 );
     }
-    n = ( ( n * 6 ) + 7 ) >> 3;
+    /* The following expression is to calculate the following formula without
+     * risk of integer overflow in n:
+     *     n = ( ( n * 6 ) + 7 ) >> 3;
+     */
+    n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 );
     n -= j;
if( dst == NULL || dlen < n )
Modified: trunk/reactos/dll/3rdparty/mbedtls/bignum.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/bignum...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/bignum.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/bignum.c	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -536,7 +536,12 @@
     n = mbedtls_mpi_bitlen( X );
     if( radix >=  4 ) n >>= 1;
     if( radix >= 16 ) n >>= 1;
-    n += 3;
+    /*
+     * Round up the buffer length to an even value to ensure that there is
+     * enough room for hexadecimal values that can be represented in an odd
+     * number of digits.
+     */
+    n += 3 + ( ( n + 1 ) & 1 );
if( buflen < n )
     {
Modified: trunk/reactos/dll/3rdparty/mbedtls/cipher.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/cipher...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/cipher.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/cipher.c	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -328,9 +328,9 @@
          * If there is not enough data for a full block, cache it.
          */
         if( ( ctx->operation == MBEDTLS_DECRYPT &&
-                ilen + ctx->unprocessed_len <= block_size ) ||
+                ilen <= block_size - ctx->unprocessed_len ) ||
              ( ctx->operation == MBEDTLS_ENCRYPT &&
-                ilen + ctx->unprocessed_len < block_size ) )
+                ilen < block_size - ctx->unprocessed_len ) )
         {
             memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
                     ilen );
Modified: trunk/reactos/dll/3rdparty/mbedtls/cmac.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/cmac.c...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/cmac.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/cmac.c	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -28,7 +28,7 @@
  *
  * - NIST SP 800-38B Recommendation for Block Cipher Modes of Operation: The
  *      CMAC Mode for Authentication
- *   http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38b.pdf
+ *   http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38b.pdf
  *
  * - RFC 4493 - The AES-CMAC Algorithm
  *   https://tools.ietf.org/html/rfc4493
@@ -64,7 +64,7 @@
 #if defined(MBEDTLS_SELF_TEST)
 #include <stdio.h>
 #define mbedtls_printf     printf
-#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C || MBEDTLS_DES_C */
+#endif /* MBEDTLS_SELF_TEST */
 #endif /* MBEDTLS_PLATFORM_C */
/* Implementation that should never be optimized out by the compiler */
@@ -82,7 +82,7 @@
  *   with R_64 = 0x1B and  R_128 = 0x87
  *
  * Input and output MUST NOT point to the same buffer
- * Block size must be 8 byes or 16 bytes - the block sizes for DES and AES.
+ * Block size must be 8 bytes or 16 bytes - the block sizes for DES and AES.
  */
 static int cmac_multiply_by_u( unsigned char *output,
                                const unsigned char *input,
@@ -107,7 +107,7 @@
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
     }
-    for( i = blocksize - 1; i >= 0; i-- )
+    for( i = (int)blocksize - 1; i >= 0; i-- )
     {
         output[i] = input[i] << 1 | overflow;
         overflow = input[i] >> 7;
@@ -211,7 +211,7 @@
     if( ctx == NULL || ctx->cipher_info == NULL || key == NULL )
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    if( ( retval = mbedtls_cipher_setkey( ctx, key, keybits,
+    if( ( retval = mbedtls_cipher_setkey( ctx, key, (int)keybits,
                                           MBEDTLS_ENCRYPT ) ) != 0 )
         return( retval );
@@ -246,8 +246,8 @@
 {
     mbedtls_cmac_context_t* cmac_ctx;
     unsigned char *state;
-    int n, j, ret = 0;
-    size_t olen, block_size;
+    int ret = 0;
+    size_t n, j, olen, block_size;
if( ctx == NULL || ctx->cipher_info == NULL || input == NULL ||
         ctx->cmac_ctx == NULL )
@@ -282,8 +282,9 @@
     /* n is the number of blocks including any final partial block */
     n = ( ilen + block_size - 1 ) / block_size;
-   /* Iterate across the input data in block sized chunks */
-    for( j = 0; j < n - 1; j++ )
+    /* Iterate across the input data in block sized chunks, excluding any
+     * final partial or complete block */
+    for( j = 1; j < n; j++ )
     {
         cmac_xor_block( state, input, state, block_size );
@@ -471,8 +472,9 @@
#if defined(MBEDTLS_SELF_TEST)
 /*
- * CMAC test data from SP800-38B Appendix D.1 (corrected)
- * http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf
+ * CMAC test data for SP800-38B
+ * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/AES_CMAC.pdf
+ * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/TDES_CMAC.pdf
  *
  * AES-CMAC-PRF-128 test data from RFC 4615
  * https://tools.ietf.org/html/rfc4615#page-4
@@ -484,128 +486,148 @@
 #if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C)
 /* All CMAC test inputs are truncated from the same 64 byte buffer. */
 static const unsigned char test_message[] = {
-    0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
-    0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
-    0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
-    0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
-    0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
-    0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
-    0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
-    0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
+    /* PT */
+    0x6b, 0xc1, 0xbe, 0xe2,     0x2e, 0x40, 0x9f, 0x96,
+    0xe9, 0x3d, 0x7e, 0x11,     0x73, 0x93, 0x17, 0x2a,
+    0xae, 0x2d, 0x8a, 0x57,     0x1e, 0x03, 0xac, 0x9c,
+    0x9e, 0xb7, 0x6f, 0xac,     0x45, 0xaf, 0x8e, 0x51,
+    0x30, 0xc8, 0x1c, 0x46,     0xa3, 0x5c, 0xe4, 0x11,
+    0xe5, 0xfb, 0xc1, 0x19,     0x1a, 0x0a, 0x52, 0xef,
+    0xf6, 0x9f, 0x24, 0x45,     0xdf, 0x4f, 0x9b, 0x17,
+    0xad, 0x2b, 0x41, 0x7b,     0xe6, 0x6c, 0x37, 0x10
 };
 #endif /* MBEDTLS_AES_C || MBEDTLS_DES_C */
#if defined(MBEDTLS_AES_C)
 /* Truncation point of message for AES CMAC tests  */
 static const  unsigned int  aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = {
+    /* Mlen */
     0,
     16,
-    40,
+    20,
     64
 };
-/* AES 128 CMAC Test Data */
+/* CMAC-AES128 Test Data */
 static const unsigned char aes_128_key[16] = {
-    0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
-    0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
+    0x2b, 0x7e, 0x15, 0x16,     0x28, 0xae, 0xd2, 0xa6,
+    0xab, 0xf7, 0x15, 0x88,     0x09, 0xcf, 0x4f, 0x3c
 };
 static const unsigned char aes_128_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
     {
-        0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66,
-        0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde
-    },
-    {
-        0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc,
-        0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b
+        /* K1 */
+        0xfb, 0xee, 0xd6, 0x18,     0x35, 0x71, 0x33, 0x66,
+        0x7c, 0x85, 0xe0, 0x8f,     0x72, 0x36, 0xa8, 0xde
+    },
+    {
+        /* K2 */
+        0xf7, 0xdd, 0xac, 0x30,     0x6a, 0xe2, 0x66, 0xcc,
+        0xf9, 0x0b, 0xc1, 0x1e,     0xe4, 0x6d, 0x51, 0x3b
     }
 };
 static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
     {
-        0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
-        0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
-    },
-    {
-        0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
-        0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
-    },
-    {
-        0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
-        0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
-    },
-    {
-        0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
-        0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
-    }
-};
-
-/* AES 192 CMAC Test Data */
+        /* Example #1 */
+        0xbb, 0x1d, 0x69, 0x29,     0xe9, 0x59, 0x37, 0x28,
+        0x7f, 0xa3, 0x7d, 0x12,     0x9b, 0x75, 0x67, 0x46
+    },
+    {
+        /* Example #2 */
+        0x07, 0x0a, 0x16, 0xb4,     0x6b, 0x4d, 0x41, 0x44,
+        0xf7, 0x9b, 0xdd, 0x9d,     0xd0, 0x4a, 0x28, 0x7c
+    },
+    {
+        /* Example #3 */
+        0x7d, 0x85, 0x44, 0x9e,     0xa6, 0xea, 0x19, 0xc8,
+        0x23, 0xa7, 0xbf, 0x78,     0x83, 0x7d, 0xfa, 0xde
+    },
+    {
+        /* Example #4 */
+        0x51, 0xf0, 0xbe, 0xbf,     0x7e, 0x3b, 0x9d, 0x92,
+        0xfc, 0x49, 0x74, 0x17,     0x79, 0x36, 0x3c, 0xfe
+    }
+};
+
+/* CMAC-AES192 Test Data */
 static const unsigned char aes_192_key[24] = {
-    0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
-    0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
-    0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
+    0x8e, 0x73, 0xb0, 0xf7,     0xda, 0x0e, 0x64, 0x52,
+    0xc8, 0x10, 0xf3, 0x2b,     0x80, 0x90, 0x79, 0xe5,
+    0x62, 0xf8, 0xea, 0xd2,     0x52, 0x2c, 0x6b, 0x7b
 };
 static const unsigned char aes_192_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
     {
-        0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27,
-        0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96
-    },
-    {
-        0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e,
-        0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c
+        /* K1 */
+        0x44, 0x8a, 0x5b, 0x1c,     0x93, 0x51, 0x4b, 0x27,
+        0x3e, 0xe6, 0x43, 0x9d,     0xd4, 0xda, 0xa2, 0x96
+    },
+    {
+        /* K2 */
+        0x89, 0x14, 0xb6, 0x39,     0x26, 0xa2, 0x96, 0x4e,
+        0x7d, 0xcc, 0x87, 0x3b,     0xa9, 0xb5, 0x45, 0x2c
     }
 };
 static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
     {
-        0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
-        0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67
-    },
-    {
-        0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90,
-        0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84
-    },
-    {
-        0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad,
-        0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e
-    },
-    {
-        0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79,
-        0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11
-    }
-};
-
-/* AES 256 CMAC Test Data */
+        /* Example #1 */
+        0xd1, 0x7d, 0xdf, 0x46,     0xad, 0xaa, 0xcd, 0xe5,
+        0x31, 0xca, 0xc4, 0x83,     0xde, 0x7a, 0x93, 0x67
+    },
+    {
+        /* Example #2 */
+        0x9e, 0x99, 0xa7, 0xbf,     0x31, 0xe7, 0x10, 0x90,
+        0x06, 0x62, 0xf6, 0x5e,     0x61, 0x7c, 0x51, 0x84
+    },
+    {
+        /* Example #3 */
+        0x3d, 0x75, 0xc1, 0x94,     0xed, 0x96, 0x07, 0x04,
+        0x44, 0xa9, 0xfa, 0x7e,     0xc7, 0x40, 0xec, 0xf8
+    },
+    {
+        /* Example #4 */
+        0xa1, 0xd5, 0xdf, 0x0e,     0xed, 0x79, 0x0f, 0x79,
+        0x4d, 0x77, 0x58, 0x96,     0x59, 0xf3, 0x9a, 0x11
+    }
+};
+
+/* CMAC-AES256 Test Data */
 static const unsigned char aes_256_key[32] = {
-    0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
-    0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
-    0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
-    0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
+    0x60, 0x3d, 0xeb, 0x10,     0x15, 0xca, 0x71, 0xbe,
+    0x2b, 0x73, 0xae, 0xf0,     0x85, 0x7d, 0x77, 0x81,
+    0x1f, 0x35, 0x2c, 0x07,     0x3b, 0x61, 0x08, 0xd7,
+    0x2d, 0x98, 0x10, 0xa3,     0x09, 0x14, 0xdf, 0xf4
 };
 static const unsigned char aes_256_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
     {
-        0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac,
-        0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f
-    },
-    {
-        0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58,
-        0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9
+        /* K1 */
+        0xca, 0xd1, 0xed, 0x03,     0x29, 0x9e, 0xed, 0xac,
+        0x2e, 0x9a, 0x99, 0x80,     0x86, 0x21, 0x50, 0x2f
+    },
+    {
+        /* K2 */
+        0x95, 0xa3, 0xda, 0x06,     0x53, 0x3d, 0xdb, 0x58,
+        0x5d, 0x35, 0x33, 0x01,     0x0c, 0x42, 0xa0, 0xd9
     }
 };
 static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
     {
-        0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
-        0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83
-    },
-    {
-        0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82,
-        0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c
-    },
-    {
-        0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2,
-        0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6
-    },
-    {
-        0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5,
-        0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10
+        /* Example #1 */
+        0x02, 0x89, 0x62, 0xf6,     0x1b, 0x7b, 0xf8, 0x9e,
+        0xfc, 0x6b, 0x55, 0x1f,     0x46, 0x67, 0xd9, 0x83
+    },
+    {
+        /* Example #2 */
+        0x28, 0xa7, 0x02, 0x3f,     0x45, 0x2e, 0x8f, 0x82,
+        0xbd, 0x4b, 0xf2, 0x8d,     0x8c, 0x37, 0xc3, 0x5c
+    },
+    {
+        /* Example #3 */
+        0x15, 0x67, 0x27, 0xdc,     0x08, 0x78, 0x94, 0x4a,
+        0x02, 0x3c, 0x1f, 0xe0,     0x3b, 0xad, 0x6d, 0x93
+    },
+    {
+        /* Example #4 */
+        0xe1, 0x99, 0x21, 0x90,     0x54, 0x9f, 0x6e, 0xd5,
+        0x69, 0x6a, 0x2c, 0x05,     0x6c, 0x31, 0x54, 0x10
     }
 };
 #endif /* MBEDTLS_AES_C */
@@ -614,66 +636,84 @@
 /* Truncation point of message for 3DES CMAC tests  */
 static const unsigned int des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = {
     0,
-    8,
+    16,
     20,
     32
 };
-/* 3DES 2 Key CMAC Test Data */
+/* CMAC-TDES (Generation) - 2 Key Test Data */
 static const unsigned char des3_2key_key[24] = {
-    0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5,
-    0x8a, 0x3d, 0x10, 0xba, 0x80, 0x57, 0x0d, 0x38,
-    0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5
+    /* Key1 */
+    0x01, 0x23, 0x45, 0x67,     0x89, 0xab, 0xcd, 0xef,
+    /* Key2 */
+    0x23, 0x45, 0x67, 0x89,     0xab, 0xcd, 0xEF, 0x01,
+    /* Key3 */
+    0x01, 0x23, 0x45, 0x67,     0x89, 0xab, 0xcd, 0xef
 };
 static const unsigned char des3_2key_subkeys[2][8] = {
     {
-        0x8e, 0xcf, 0x37, 0x3e, 0xd7, 0x1a, 0xfa, 0xef
-    },
-    {
-        0x1d, 0x9e, 0x6e, 0x7d, 0xae, 0x35, 0xf5, 0xc5
+        /* K1 */
+        0x0d, 0xd2, 0xcb, 0x7a,     0x3d, 0x88, 0x88, 0xd9
+    },
+    {
+        /* K2 */
+        0x1b, 0xa5, 0x96, 0xf4,     0x7b, 0x11, 0x11, 0xb2
     }
 };
 static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
     {
-        0xbd, 0x2e, 0xbf, 0x9a, 0x3b, 0xa0, 0x03, 0x61
-    },
-    {
-        0x4f, 0xf2, 0xab, 0x81, 0x3c, 0x53, 0xce, 0x83
-    },
-    {
-        0x62, 0xdd, 0x1b, 0x47, 0x19, 0x02, 0xbd, 0x4e
-    },
-    {
-        0x31, 0xb1, 0xe4, 0x31, 0xda, 0xbc, 0x4e, 0xb8
-    }
-};
-
-/* 3DES 3 Key CMAC Test Data */
+        /* Sample #1 */
+        0x79, 0xce, 0x52, 0xa7,     0xf7, 0x86, 0xa9, 0x60
+    },
+    {
+        /* Sample #2 */
+        0xcc, 0x18, 0xa0, 0xb7,     0x9a, 0xf2, 0x41, 0x3b
+    },
+    {
+        /* Sample #3 */
+        0xc0, 0x6d, 0x37, 0x7e,     0xcd, 0x10, 0x19, 0x69
+    },
+    {
+        /* Sample #4 */
+        0x9c, 0xd3, 0x35, 0x80,     0xf9, 0xb6, 0x4d, 0xfb
+    }
+};
+
+/* CMAC-TDES (Generation) - 3 Key Test Data */
 static const unsigned char des3_3key_key[24] = {
-    0x8a, 0xa8, 0x3b, 0xf8, 0xcb, 0xda, 0x10, 0x62,
-    0x0b, 0xc1, 0xbf, 0x19, 0xfb, 0xb6, 0xcd, 0x58,
-    0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5
+    /* Key1 */
+    0x01, 0x23, 0x45, 0x67,     0x89, 0xaa, 0xcd, 0xef,
+    /* Key2 */
+    0x23, 0x45, 0x67, 0x89,     0xab, 0xcd, 0xef, 0x01,
+    /* Key3 */
+    0x45, 0x67, 0x89, 0xab,     0xcd, 0xef, 0x01, 0x23
 };
 static const unsigned char des3_3key_subkeys[2][8] = {
     {
-        0x91, 0x98, 0xe9, 0xd3, 0x14, 0xe6, 0x53, 0x5f
-    },
-    {
-        0x23, 0x31, 0xd3, 0xa6, 0x29, 0xcc, 0xa6, 0xa5
+        /* K1 */
+        0x9d, 0x74, 0xe7, 0x39,     0x33, 0x17, 0x96, 0xc0
+    },
+    {
+        /* K2 */
+        0x3a, 0xe9, 0xce, 0x72,     0x66, 0x2f, 0x2d, 0x9b
     }
 };
 static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
     {
-        0xb7, 0xa6, 0x88, 0xe1, 0x22, 0xff, 0xaf, 0x95
-    },
-    {
-        0x8e, 0x8f, 0x29, 0x31, 0x36, 0x28, 0x37, 0x97
-    },
-    {
-        0x74, 0x3d, 0xdb, 0xe0, 0xce, 0x2d, 0xc2, 0xed
-    },
-    {
-        0x33, 0xe6, 0xb1, 0x09, 0x24, 0x00, 0xea, 0xe5
+        /* Sample #1 */
+        0x7d, 0xb0, 0xd3, 0x7d,     0xf9, 0x36, 0xc5, 0x50
+    },
+    {
+        /* Sample #2 */
+        0x30, 0x23, 0x9c, 0xf1,     0xf5, 0x2e, 0x66, 0x09
+    },
+    {
+        /* Sample #3 */
+        0x6c, 0x9f, 0x3e, 0xe4,     0x92, 0x3f, 0x6b, 0xe2
+    },
+    {
+        /* Sample #4 */
+        0x99, 0x42, 0x9b, 0xd0,     0xbF, 0x79, 0x04, 0xe5
     }
 };
@@ -682,8 +722,9 @@
 #if defined(MBEDTLS_AES_C)
 /* AES AES-CMAC-PRF-128 Test Data */
 static const unsigned char PRFK[] = {
-    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    /* Key */
+    0x00, 0x01, 0x02, 0x03,     0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b,     0x0c, 0x0d, 0x0e, 0x0f,
     0xed, 0xcb
 };
@@ -694,25 +735,25 @@
     10
 };
-/* PRF M */
+/* Message */
 static const unsigned char PRFM[] = {
-    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x00, 0x01, 0x02, 0x03,     0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b,     0x0c, 0x0d, 0x0e, 0x0f,
     0x10, 0x11, 0x12, 0x13
 };
static const unsigned char PRFT[NB_PRF_TESTS][16] = {
     {
-        0x84, 0xa3, 0x48, 0xa4, 0xa4, 0x5d, 0x23, 0x5b,
-        0xab, 0xff, 0xfc, 0x0d, 0x2b, 0x4d, 0xa0, 0x9a
-    },
-    {
-        0x98, 0x0a, 0xe8, 0x7b, 0x5f, 0x4c, 0x9c, 0x52,
-        0x14, 0xf5, 0xb6, 0xa8, 0x45, 0x5e, 0x4c, 0x2d
-    },
-    {
-        0x29, 0x0d, 0x9e, 0x11, 0x2e, 0xdb, 0x09, 0xee,
-        0x14, 0x1f, 0xcf, 0x64, 0xc0, 0xb7, 0x2f, 0x3d
+        0x84, 0xa3, 0x48, 0xa4,     0xa4, 0x5d, 0x23, 0x5b,
+        0xab, 0xff, 0xfc, 0x0d,     0x2b, 0x4d, 0xa0, 0x9a
+    },
+    {
+        0x98, 0x0a, 0xe8, 0x7b,     0x5f, 0x4c, 0x9c, 0x52,
+        0x14, 0xf5, 0xb6, 0xa8,     0x45, 0x5e, 0x4c, 0x2d
+    },
+    {
+        0x29, 0x0d, 0x9e, 0x11,     0x2e, 0xdb, 0x09, 0xee,
+        0x14, 0x1f, 0xcf, 0x64,     0xc0, 0xb7, 0x2f, 0x3d
     }
 };
 #endif /* MBEDTLS_AES_C */
Modified: trunk/reactos/dll/3rdparty/mbedtls/ctr_drbg.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/ctr_dr...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/ctr_drbg.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/ctr_drbg.c	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -292,7 +292,8 @@
     unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT];
     size_t seedlen = 0;
-    if( ctx->entropy_len + len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
+    if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ||
+        len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
         return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT );
Modified: trunk/reactos/dll/3rdparty/mbedtls/debug.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/debug....
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/debug.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/debug.c	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -73,7 +73,7 @@
      */
 #if defined(MBEDTLS_THREADING_C)
     char idstr[20 + DEBUG_BUF_SIZE]; /* 0x + 16 nibbles + ': ' */
-    mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", ssl, str );
+    mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", (void*)ssl, str );
     ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, idstr );
 #else
     ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
Modified: trunk/reactos/dll/3rdparty/mbedtls/ecp_curves.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/ecp_cu...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/ecp_curves.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/ecp_curves.c	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -1215,7 +1215,7 @@
     int ret;
     size_t i;
     mbedtls_mpi M, R;
-    mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R];
+    mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1];
if( N->n < p_limbs )
         return( 0 );
@@ -1237,7 +1237,7 @@
     memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
     if( shift != 0 )
         MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) );
-    M.n += R.n - adjust; /* Make room for multiplication by R */
+    M.n += R.n; /* Make room for multiplication by R */
/* N = A0 */
     if( mask != 0 )
@@ -1259,7 +1259,7 @@
     memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
     if( shift != 0 )
         MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) );
-    M.n += R.n - adjust; /* Make room for multiplication by R */
+    M.n += R.n; /* Make room for multiplication by R */
/* N = A0 */
     if( mask != 0 )
Modified: trunk/reactos/dll/3rdparty/mbedtls/md2.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/md2.c?...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/md2.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/md2.c	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -160,7 +160,7 @@
while( ilen > 0 )
     {
-        if( ctx->left + ilen > 16 )
+        if( ilen > 16 - ctx->left )
             fill = 16 - ctx->left;
         else
             fill = ilen;
Modified: trunk/reactos/dll/3rdparty/mbedtls/net_sockets.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/net_so...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/net_sockets.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/net_sockets.c	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -135,7 +135,8 @@
 /*
  * Initiate a TCP connection with host:port and the given protocol
  */
-int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto )
+int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host,
+                         const char *port, int proto )
 {
     int ret;
     struct addrinfo hints, *addr_list, *cur;
@@ -240,7 +241,7 @@
             }
         }
-        /* I we ever get there, it's a success */
+        /* Bind was successful */
         ret = 0;
         break;
     }
@@ -324,7 +325,7 @@
     {
         /* TCP: actual accept() */
         ret = client_ctx->fd = (int) accept( bind_ctx->fd,
-                                         (struct sockaddr *) &client_addr, &n );
+                                             (struct sockaddr *) &client_addr, &n );
     }
     else
     {
Modified: trunk/reactos/dll/3rdparty/mbedtls/pem.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/pem.c?...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/pem.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/pem.c	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -46,12 +46,12 @@
 #define mbedtls_free       free
 #endif
+#if defined(MBEDTLS_PEM_PARSE_C)
 /* Implementation that should never be optimized out by the compiler */
 static void mbedtls_zeroize( void *v, size_t n ) {
     volatile unsigned char *p = v; while( n-- ) *p++ = 0;
 }
-#if defined(MBEDTLS_PEM_PARSE_C)
 void mbedtls_pem_init( mbedtls_pem_context *ctx )
 {
     memset( ctx, 0, sizeof( mbedtls_pem_context ) );
@@ -251,7 +251,7 @@
enc = 0;
-    if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
+    if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
     {
 #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) &&         \
     ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
@@ -264,22 +264,22 @@
#if defined(MBEDTLS_DES_C)
-        if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
+        if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
         {
             enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC;
s1 += 23;
-            if( pem_get_iv( s1, pem_iv, 8 ) != 0 )
+            if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 )
                 return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
s1 += 16;
         }
-        else if( memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
+        else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
         {
             enc_alg = MBEDTLS_CIPHER_DES_CBC;
s1 += 18;
-            if( pem_get_iv( s1, pem_iv, 8) != 0 )
+            if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 )
                 return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
s1 += 16;
@@ -287,9 +287,11 @@
 #endif /* MBEDTLS_DES_C */
#if defined(MBEDTLS_AES_C)
-        if( memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
+        if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
         {
-            if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
+            if( s2 - s1 < 22 )
+                return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
+            else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
                 enc_alg = MBEDTLS_CIPHER_AES_128_CBC;
             else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 )
                 enc_alg = MBEDTLS_CIPHER_AES_192_CBC;
@@ -299,7 +301,7 @@
                 return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
s1 += 22;
-            if( pem_get_iv( s1, pem_iv, 16 ) != 0 )
+            if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 )
                 return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
s1 += 32;
@@ -318,7 +320,7 @@
           ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
     }
-    if( s1 == s2 )
+    if( s1 >= s2 )
         return( MBEDTLS_ERR_PEM_INVALID_DATA );
ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 );
Modified: trunk/reactos/dll/3rdparty/mbedtls/pk.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/pk.c?r...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/pk.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/pk.c	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -31,6 +31,8 @@
 #include "mbedtls/pk.h"
 #include "mbedtls/pk_internal.h"
+#include "mbedtls/bignum.h"
+
 #if defined(MBEDTLS_RSA_C)
 #include "mbedtls/rsa.h"
 #endif
@@ -40,6 +42,8 @@
 #if defined(MBEDTLS_ECDSA_C)
 #include "mbedtls/ecdsa.h"
 #endif
+
+#include <limits.h>
/* Implementation that should never be optimized out by the compiler */
 static void mbedtls_zeroize( void *v, size_t n ) {
@@ -210,6 +214,11 @@
 #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
         int ret;
         const mbedtls_pk_rsassa_pss_options *pss_opts;
+
+#if defined(MBEDTLS_HAVE_INT64)
+        if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
+            return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+#endif /* MBEDTLS_HAVE_INT64 */
if( options == NULL )
             return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@@ -234,7 +243,7 @@
         return( 0 );
 #else
         return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-#endif
+#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
     }
/* General case: no options */
Modified: trunk/reactos/dll/3rdparty/mbedtls/pk_wrap.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/pk_wra...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/pk_wrap.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/pk_wrap.c	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -32,6 +32,7 @@
/* Even if RSA not activated, for the sake of RSA-alt */
 #include "mbedtls/rsa.h"
+#include "mbedtls/bignum.h"
#include <string.h>
@@ -51,6 +52,8 @@
 #define mbedtls_free       free
 #endif
+#include <limits.h>
+
 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
 /* Implementation that should never be optimized out by the compiler */
 static void mbedtls_zeroize( void *v, size_t n ) {
@@ -76,6 +79,11 @@
 {
     int ret;
+#if defined(MBEDTLS_HAVE_INT64)
+    if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
+        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+#endif /* MBEDTLS_HAVE_INT64 */
+
     if( sig_len < ((mbedtls_rsa_context *) ctx)->len )
         return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
@@ -95,6 +103,11 @@
                    unsigned char *sig, size_t *sig_len,
                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
 {
+#if defined(MBEDTLS_HAVE_INT64)
+    if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
+        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+#endif /* MBEDTLS_HAVE_INT64 */
+
     *sig_len = ((mbedtls_rsa_context *) ctx)->len;
return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
@@ -404,6 +417,11 @@
 {
     mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
+#if defined(MBEDTLS_HAVE_INT64)
+    if( UINT_MAX < hash_len )
+        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+#endif /* MBEDTLS_HAVE_INT64 */
+
     *sig_len = rsa_alt->key_len_func( rsa_alt->key );
return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
Modified: trunk/reactos/dll/3rdparty/mbedtls/pkparse.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/pkpars...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/pkparse.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/pkparse.c	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -1189,12 +1189,12 @@
 #endif /* MBEDTLS_PEM_PARSE_C */
/*
-    * At this point we only know it's not a PEM formatted key. Could be any
-    * of the known DER encoded private key formats
-    *
-    * We try the different DER format parsers to see if one passes without
-    * error
-    */
+     * At this point we only know it's not a PEM formatted key. Could be any
+     * of the known DER encoded private key formats
+     *
+     * We try the different DER format parsers to see if one passes without
+     * error
+     */
 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
     if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
                                                   pwd, pwdlen ) ) == 0 )
Modified: trunk/reactos/dll/3rdparty/mbedtls/platform.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/platfo...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/platform.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/platform.c	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -239,7 +239,7 @@
     }
fclose( file );
-    return( n );
+    return( (int)n );
 }
int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len )
@@ -257,7 +257,7 @@
     }
fclose( file );
-    return( n );
+    return( (int)n );
 }
 #endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
Modified: trunk/reactos/dll/3rdparty/mbedtls/ssl_cookie.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/ssl_co...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/ssl_cookie.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/ssl_cookie.c	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -100,7 +100,7 @@
     mbedtls_md_free( &ctx->hmac_ctx );
#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &ctx->mutex );
+    mbedtls_mutex_free( &ctx->mutex );
 #endif
mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) );
Modified: trunk/reactos/dll/3rdparty/mbedtls/ssl_tls.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/ssl_tl...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/ssl_tls.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/ssl_tls.c	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -3430,7 +3430,7 @@
if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
     {
-        /* Dont check write errors as we can't do anything here.
+        /* Don't check write errors as we can't do anything here.
          * If the error is permanent we'll catch it later,
          * if it's not, then hopefully it'll work next time. */
         (void) ssl->f_send( ssl->p_bio, ssl->out_buf, len );
@@ -6008,8 +6008,9 @@
     const char **p;
/*
-     * "Empty strings MUST NOT be included and byte strings MUST NOT be
-     * truncated". Check lengths now rather than later.
+     * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings
+     * MUST NOT be truncated."
+     * We check lengths now rather than later.
      */
     tot_len = 0;
     for( p = protos; *p != NULL; p++ )
@@ -6483,6 +6484,10 @@
  */
 static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
 {
+    size_t ep_len = ssl_ep_len( ssl );
+    int in_ctr_cmp;
+    int out_ctr_cmp;
+
     if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ||
         ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ||
         ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED )
@@ -6490,8 +6495,12 @@
         return( 0 );
     }
-    if( memcmp( ssl->in_ctr,  ssl->conf->renego_period, 8 ) <= 0 &&
-        memcmp( ssl->out_ctr, ssl->conf->renego_period, 8 ) <= 0 )
+    in_ctr_cmp = memcmp( ssl->in_ctr + ep_len,
+                        ssl->conf->renego_period + ep_len, 8 - ep_len );
+    out_ctr_cmp = memcmp( ssl->out_ctr + ep_len,
+                          ssl->conf->renego_period + ep_len, 8 - ep_len );
+
+    if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 )
     {
         return( 0 );
     }
@@ -7232,8 +7241,8 @@
#if defined(MBEDTLS_SSL_RENEGOTIATION)
     conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT;
-    memset( conf->renego_period, 0xFF, 7 );
-    conf->renego_period[7] = 0x00;
+    memset( conf->renego_period,     0x00, 2 );
+    memset( conf->renego_period + 2, 0xFF, 6 );
 #endif
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
@@ -7587,7 +7596,7 @@
  * and, for DTLS, to/from TLS equivalent.
  *
  * For TLS this is the identity.
- * For DTLS, use one complement (v -> 255 - v, and then map as follows:
+ * For DTLS, use 1's complement (v -> 255 - v, and then map as follows:
  * 1.0 <-> 3.2      (DTLS 1.0 is based on TLS 1.1)
  * 1.x <-> 3.x+1    for x != 0 (DTLS 1.2 based on TLS 1.2)
  */
@@ -7646,8 +7655,7 @@
 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
 #if defined(MBEDTLS_MD5_C)
         case MBEDTLS_SSL_HASH_MD5:
-            ssl->handshake->calc_verify = ssl_calc_verify_tls;
-            break;
+            return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;
 #endif
 #if defined(MBEDTLS_SHA1_C)
         case MBEDTLS_SSL_HASH_SHA1:
Modified: trunk/reactos/dll/3rdparty/mbedtls/x509.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/x509.c...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/x509.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/x509.c	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -482,14 +482,20 @@
     }
 }
-static int x509_parse_int(unsigned char **p, unsigned n, int *res){
+static int x509_parse_int( unsigned char **p, size_t n, int *res )
+{
     *res = 0;
-    for( ; n > 0; --n ){
-        if( ( **p < '0') || ( **p > '9' ) ) return MBEDTLS_ERR_X509_INVALID_DATE;
+
+    for( ; n > 0; --n )
+    {
+        if( ( **p < '0') || ( **p > '9' ) )
+            return ( MBEDTLS_ERR_X509_INVALID_DATE );
+
         *res *= 10;
-        *res += (*(*p)++ - '0');
-    }
-    return 0;
+        *res += ( *(*p)++ - '0' );
+    }
+
+    return( 0 );
 }
static int x509_date_is_valid(const mbedtls_x509_time *time)
@@ -520,6 +526,70 @@
 }
/*
+ * Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4)
+ * field.
+ */
+static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
+        mbedtls_x509_time *time )
+{
+    int ret;
+
+    /*
+     * Minimum length is 10 or 12 depending on yearlen
+     */
+    if ( len < yearlen + 8 )
+        return ( MBEDTLS_ERR_X509_INVALID_DATE );
+    len -= yearlen + 8;
+
+    /*
+     * Parse year, month, day, hour, minute
+     */
+    CHECK( x509_parse_int( p, yearlen, &time->year ) );
+    if ( 2 == yearlen )
+    {
+        if ( time->year < 50 )
+            time->year += 100;
+
+        time->year += 1900;
+    }
+
+    CHECK( x509_parse_int( p, 2, &time->mon ) );
+    CHECK( x509_parse_int( p, 2, &time->day ) );
+    CHECK( x509_parse_int( p, 2, &time->hour ) );
+    CHECK( x509_parse_int( p, 2, &time->min ) );
+
+    /*
+     * Parse seconds if present
+     */
+    if ( len >= 2 )
+    {
+        CHECK( x509_parse_int( p, 2, &time->sec ) );
+        len -= 2;
+    }
+    else
+        return ( MBEDTLS_ERR_X509_INVALID_DATE );
+
+    /*
+     * Parse trailing 'Z' if present
+     */
+    if ( 1 == len && 'Z' == **p )
+    {
+        (*p)++;
+        len--;
+    }
+
+    /*
+     * We should have parsed all characters at this point
+     */
+    if ( 0 != len )
+        return ( MBEDTLS_ERR_X509_INVALID_DATE );
+
+    CHECK( x509_date_is_valid( time ) );
+
+    return ( 0 );
+}
+
+/*
  *  Time ::= CHOICE {
  *       utcTime        UTCTime,
  *       generalTime    GeneralizedTime }
@@ -528,7 +598,7 @@
                    mbedtls_x509_time *time )
 {
     int ret;
-    size_t len;
+    size_t len, year_len;
     unsigned char tag;
if( ( end - *p ) < 1 )
@@ -538,55 +608,20 @@
     tag = **p;
if( tag == MBEDTLS_ASN1_UTC_TIME )
-    {
-        (*p)++;
-        ret = mbedtls_asn1_get_len( p, end, &len );
-
-        if( ret != 0 )
-            return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
-
-        CHECK( x509_parse_int( p, 2, &time->year ) );
-        CHECK( x509_parse_int( p, 2, &time->mon ) );
-        CHECK( x509_parse_int( p, 2, &time->day ) );
-        CHECK( x509_parse_int( p, 2, &time->hour ) );
-        CHECK( x509_parse_int( p, 2, &time->min ) );
-        if( len > 10 )
-            CHECK( x509_parse_int( p, 2, &time->sec ) );
-        if( len > 12 && *(*p)++ != 'Z' )
-            return( MBEDTLS_ERR_X509_INVALID_DATE );
-
-        time->year +=  100 * ( time->year < 50 );
-        time->year += 1900;
-
-        CHECK( x509_date_is_valid( time ) );
-
-        return( 0 );
-    }
+        year_len = 2;
     else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME )
-    {
-        (*p)++;
-        ret = mbedtls_asn1_get_len( p, end, &len );
-
-        if( ret != 0 )
-            return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
-
-        CHECK( x509_parse_int( p, 4, &time->year ) );
-        CHECK( x509_parse_int( p, 2, &time->mon ) );
-        CHECK( x509_parse_int( p, 2, &time->day ) );
-        CHECK( x509_parse_int( p, 2, &time->hour ) );
-        CHECK( x509_parse_int( p, 2, &time->min ) );
-        if( len > 12 )
-            CHECK( x509_parse_int( p, 2, &time->sec ) );
-        if( len > 14 && *(*p)++ != 'Z' )
-            return( MBEDTLS_ERR_X509_INVALID_DATE );
-
-        CHECK( x509_date_is_valid( time ) );
-
-        return( 0 );
-    }
+        year_len = 4;
     else
         return( MBEDTLS_ERR_X509_INVALID_DATE +
                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+
+    (*p)++;
+    ret = mbedtls_asn1_get_len( p, end, &len );
+
+    if( ret != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
+
+    return x509_parse_time( p, len, year_len, time );
 }
int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig )
@@ -663,7 +698,7 @@
/*
  * X.509 Extensions (No parsing of extensions, pointer should
- * be either manually updated or extensions should be parsed!
+ * be either manually updated or extensions should be parsed!)
  */
 int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
                   mbedtls_x509_buf *ext, int tag )
Modified: trunk/reactos/dll/3rdparty/mbedtls/x509_crl.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/x509_c...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/x509_crl.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/x509_crl.c	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -527,16 +527,17 @@
             if( ( ret = mbedtls_x509_crl_parse_der( chain,
                                             pem.buf, pem.buflen ) ) != 0 )
             {
+                mbedtls_pem_free( &pem );
                 return( ret );
             }
-
-            mbedtls_pem_free( &pem );
-        }
-        else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+        }
+        else if( is_pem )
         {
             mbedtls_pem_free( &pem );
             return( ret );
         }
+
+        mbedtls_pem_free( &pem );
     }
     /* In the PEM case, buflen is 1 at the end, for the terminated NULL byte.
      * And a valid CRL cannot be less than 1 byte anyway. */
Modified: trunk/reactos/dll/3rdparty/mbedtls/x509_crt.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/x509_c...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/x509_crt.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/x509_crt.c	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -971,10 +971,8 @@
  */
 int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen )
 {
-#ifndef __REACTOS__
+#if defined(MBEDTLS_PEM_PARSE_C)
     int success = 0, first_error = 0, total_failed = 0;
-#endif
-#if defined(MBEDTLS_PEM_PARSE_C)
     int buf_format = MBEDTLS_X509_FORMAT_DER;
 #endif
@@ -1126,7 +1124,7 @@
     p = filename + len;
     filename[len++] = '*';
-    w_ret = MultiByteToWideChar( CP_ACP, 0, filename, len, szDir,
+    w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir,
                                  MAX_PATH - 3 );
     if( w_ret == 0 )
         return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
@@ -1908,6 +1906,7 @@
     int check_path_cnt;
     unsigned char hash[MBEDTLS_MD_MAX_SIZE];
     const mbedtls_md_info_t *md_info;
+    mbedtls_x509_crt *future_past_ca = NULL;
if( mbedtls_x509_time_is_past( &child->valid_to ) )
         *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
@@ -1962,16 +1961,6 @@
             continue;
         }
-        if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) )
-        {
-            continue;
-        }
-
-        if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
-        {
-            continue;
-        }
-
         if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk,
                            child->sig_md, hash, mbedtls_md_get_size( md_info ),
                            child->sig.p, child->sig.len ) != 0 )
@@ -1979,6 +1968,20 @@
             continue;
         }
+        if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ||
+            mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
+        {
+            if ( future_past_ca == NULL )
+                future_past_ca = trust_ca;
+
+            continue;
+        }
+
+        break;
+    }
+
+    if( trust_ca != NULL || ( trust_ca = future_past_ca ) != NULL )
+    {
         /*
          * Top of chain is signed by a trusted CA
          */
@@ -1986,8 +1989,6 @@
if( x509_profile_check_key( profile, child->sig_pk, &trust_ca->pk ) != 0 )
             *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
-
-        break;
     }
/*
@@ -2007,6 +2008,12 @@
         ((void) ca_crl);
 #endif
+        if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) )
+            ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED;
+
+        if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
+            ca_flags |= MBEDTLS_X509_BADCERT_FUTURE;
+
         if( NULL != f_vrfy )
         {
             if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1,
Modified: trunk/reactos/dll/3rdparty/mbedtls/x509_csr.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/x509_c...
==============================================================================
--- trunk/reactos/dll/3rdparty/mbedtls/x509_csr.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/3rdparty/mbedtls/x509_csr.c	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -267,8 +267,8 @@
  */
 int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen )
 {
+#if defined(MBEDTLS_PEM_PARSE_C)
     int ret;
-#if defined(MBEDTLS_PEM_PARSE_C)
     size_t use_len;
     mbedtls_pem_context pem;
 #endif
Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/cmac.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/mb...
==============================================================================
--- trunk/reactos/sdk/include/reactos/libs/mbedtls/cmac.h	[iso-8859-1] (original)
+++ trunk/reactos/sdk/include/reactos/libs/mbedtls/cmac.h	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -60,9 +60,13 @@
 /**
  * \brief               Set the CMAC key and prepare to authenticate the input
  *                      data.
- *                      Should be called with an initialised cipher context.
+ *                      Should be called with an initialized cipher context.
  *
- * \param ctx           Cipher context
+ * \param ctx           Cipher context. This should be a cipher context,
+ *                      initialized to be one of the following types:
+ *                      MBEDTLS_CIPHER_AES_128_ECB, MBEDTLS_CIPHER_AES_192_ECB,
+ *                      MBEDTLS_CIPHER_AES_256_ECB or
+ *                      MBEDTLS_CIPHER_DES_EDE3_ECB.
  * \param key           CMAC key
  * \param keybits       length of the CMAC key in bits
  *                      (must be acceptable by the cipher)
@@ -117,7 +121,7 @@
 int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
/**
- * \brief               Output = Generic_CMAC( hmac key, input buffer )
+ * \brief               Output = Generic_CMAC( cmac key, input buffer )
  *
  * \param cipher_info   message digest info
  * \param key           CMAC key
Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/compat-1.3.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/mb...
==============================================================================
--- trunk/reactos/sdk/include/reactos/libs/mbedtls/compat-1.3.h	[iso-8859-1] (original)
+++ trunk/reactos/sdk/include/reactos/libs/mbedtls/compat-1.3.h	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -2455,7 +2455,6 @@
 #define ssl_set_arc4_support mbedtls_ssl_conf_arc4_support
 #define ssl_set_authmode mbedtls_ssl_conf_authmode
 #define ssl_set_bio mbedtls_ssl_set_bio
-#define ssl_set_bio mbedtls_ssl_set_bio_timeout
 #define ssl_set_ca_chain mbedtls_ssl_conf_ca_chain
 #define ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting
 #define ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites
Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/config.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/mb...
==============================================================================
--- trunk/reactos/sdk/include/reactos/libs/mbedtls/config.h	[iso-8859-1] (original)
+++ trunk/reactos/sdk/include/reactos/libs/mbedtls/config.h	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -1527,7 +1527,7 @@
  *          library/pkwrite.c
  *          library/x509_create.c
  *          library/x509write_crt.c
- *          library/mbedtls_x509write_csr.c
+ *          library/x509write_csr.c
  */
 #define MBEDTLS_ASN1_WRITE_C
@@ -1890,7 +1890,7 @@
  *
  * Enable the generic message digest layer.
  *
- * Module:  library/mbedtls_md.c
+ * Module:  library/md.c
  * Caller:
  *
  * Uncomment to enable generic message digest wrappers.
@@ -1902,7 +1902,7 @@
  *
  * Enable the MD2 hash algorithm.
  *
- * Module:  library/mbedtls_md2.c
+ * Module:  library/md2.c
  * Caller:
  *
  * Uncomment to enable support for (rare) MD2-signed X.509 certs.
@@ -1914,7 +1914,7 @@
  *
  * Enable the MD4 hash algorithm.
  *
- * Module:  library/mbedtls_md4.c
+ * Module:  library/md4.c
  * Caller:
  *
  * Uncomment to enable support for (rare) MD4-signed X.509 certs.
@@ -1926,8 +1926,8 @@
  *
  * Enable the MD5 hash algorithm.
  *
- * Module:  library/mbedtls_md5.c
- * Caller:  library/mbedtls_md.c
+ * Module:  library/md5.c
+ * Caller:  library/md.c
  *          library/pem.c
  *          library/ssl_tls.c
  *
@@ -1984,11 +1984,11 @@
  *          library/rsa.c
  *          library/x509.c
  *          library/x509_create.c
- *          library/mbedtls_x509_crl.c
- *          library/mbedtls_x509_crt.c
- *          library/mbedtls_x509_csr.c
+ *          library/x509_crl.c
+ *          library/x509_crt.c
+ *          library/x509_csr.c
  *          library/x509write_crt.c
- *          library/mbedtls_x509write_csr.c
+ *          library/x509write_csr.c
  *
  * This modules translates between OIDs and internal values.
  */
@@ -2016,9 +2016,9 @@
  * Module:  library/pem.c
  * Caller:  library/dhm.c
  *          library/pkparse.c
- *          library/mbedtls_x509_crl.c
- *          library/mbedtls_x509_crt.c
- *          library/mbedtls_x509_csr.c
+ *          library/x509_crl.c
+ *          library/x509_crt.c
+ *          library/x509_csr.c
  *
  * Requires: MBEDTLS_BASE64_C
  *
@@ -2034,7 +2034,7 @@
  * Module:  library/pem.c
  * Caller:  library/pkwrite.c
  *          library/x509write_crt.c
- *          library/mbedtls_x509write_csr.c
+ *          library/x509write_csr.c
  *
  * Requires: MBEDTLS_BASE64_C
  *
@@ -2064,8 +2064,8 @@
  * Enable the generic public (asymetric) key parser.
  *
  * Module:  library/pkparse.c
- * Caller:  library/mbedtls_x509_crt.c
- *          library/mbedtls_x509_csr.c
+ * Caller:  library/x509_crt.c
+ *          library/x509_csr.c
  *
  * Requires: MBEDTLS_PK_C
  *
@@ -2156,8 +2156,8 @@
  *
  * Enable the RIPEMD-160 hash algorithm.
  *
- * Module:  library/mbedtls_ripemd160.c
- * Caller:  library/mbedtls_md.c
+ * Module:  library/ripemd160.c
+ * Caller:  library/md.c
  *
  */
 #define MBEDTLS_RIPEMD160_C
@@ -2185,8 +2185,8 @@
  *
  * Enable the SHA1 cryptographic hash algorithm.
  *
- * Module:  library/mbedtls_sha1.c
- * Caller:  library/mbedtls_md.c
+ * Module:  library/sha1.c
+ * Caller:  library/md.c
  *          library/ssl_cli.c
  *          library/ssl_srv.c
  *          library/ssl_tls.c
@@ -2201,9 +2201,9 @@
  *
  * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
  *
- * Module:  library/mbedtls_sha256.c
+ * Module:  library/sha256.c
  * Caller:  library/entropy.c
- *          library/mbedtls_md.c
+ *          library/md.c
  *          library/ssl_cli.c
  *          library/ssl_srv.c
  *          library/ssl_tls.c
@@ -2218,9 +2218,9 @@
  *
  * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
  *
- * Module:  library/mbedtls_sha512.c
+ * Module:  library/sha512.c
  * Caller:  library/entropy.c
- *          library/mbedtls_md.c
+ *          library/md.c
  *          library/ssl_cli.c
  *          library/ssl_srv.c
  *
@@ -2368,9 +2368,9 @@
  * Enable X.509 core for using certificates.
  *
  * Module:  library/x509.c
- * Caller:  library/mbedtls_x509_crl.c
- *          library/mbedtls_x509_crt.c
- *          library/mbedtls_x509_csr.c
+ * Caller:  library/x509_crl.c
+ *          library/x509_crt.c
+ *          library/x509_csr.c
  *
  * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
  *           MBEDTLS_PK_PARSE_C
@@ -2384,7 +2384,7 @@
  *
  * Enable X.509 certificate parsing.
  *
- * Module:  library/mbedtls_x509_crt.c
+ * Module:  library/x509_crt.c
  * Caller:  library/ssl_cli.c
  *          library/ssl_srv.c
  *          library/ssl_tls.c
@@ -2400,8 +2400,8 @@
  *
  * Enable X.509 CRL parsing.
  *
- * Module:  library/mbedtls_x509_crl.c
- * Caller:  library/mbedtls_x509_crt.c
+ * Module:  library/x509_crl.c
+ * Caller:  library/x509_crt.c
  *
  * Requires: MBEDTLS_X509_USE_C
  *
@@ -2414,7 +2414,7 @@
  *
  * Enable X.509 Certificate Signing Request (CSR) parsing.
  *
- * Module:  library/mbedtls_x509_csr.c
+ * Module:  library/x509_csr.c
  * Caller:  library/x509_crt_write.c
  *
  * Requires: MBEDTLS_X509_USE_C
Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/rsa.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/mb...
==============================================================================
--- trunk/reactos/sdk/include/reactos/libs/mbedtls/rsa.h	[iso-8859-1] (original)
+++ trunk/reactos/sdk/include/reactos/libs/mbedtls/rsa.h	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -208,7 +208,7 @@
  * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
  *
  * \note           This function does NOT take care of message
- *                 padding. Also, be sure to set input[0] = 0 or assure that
+ *                 padding. Also, be sure to set input[0] = 0 or ensure that
  *                 input is smaller than N.
  *
  * \note           The input and output buffers must be large
Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/ssl.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/mb...
==============================================================================
--- trunk/reactos/sdk/include/reactos/libs/mbedtls/ssl.h	[iso-8859-1] (original)
+++ trunk/reactos/sdk/include/reactos/libs/mbedtls/ssl.h	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -1148,7 +1148,7 @@
  *
  * \note           See the documentation of \c mbedtls_ssl_set_timer_t and
  *                 \c mbedtls_ssl_get_timer_t for the conventions this pair of
- *                 callbacks must fallow.
+ *                 callbacks must follow.
  *
  * \note           On some platforms, timing.c provides
  *                 \c mbedtls_timing_set_delay() and
@@ -2185,7 +2185,7 @@
/**
  * \brief          Set record counter threshold for periodic renegotiation.
- *                 (Default: 2^64 - 256.)
+ *                 (Default: 2^48 - 1)
  *
  *                 Renegotiation is automatically triggered when a record
  *                 counter (outgoing or ingoing) crosses the defined
@@ -2196,9 +2196,17 @@
  *                 Lower values can be used to enforce policies such as "keys
  *                 must be refreshed every N packets with cipher X".
  *
+ *                 The renegotiation period can be disabled by setting
+ *                 conf->disable_renegotiation to
+ *                 MBEDTLS_SSL_RENEGOTIATION_DISABLED.
+ *
+ * \note           When the configured transport is
+ *                 MBEDTLS_SSL_TRANSPORT_DATAGRAM the maximum renegotiation
+ *                 period is 2^48 - 1, and for MBEDTLS_SSL_TRANSPORT_STREAM,
+ *                 the maximum renegotiation period is 2^64 - 1.
+ *
  * \param conf     SSL configuration
  * \param period   The threshold value: a big-endian 64-bit number.
- *                 Set to 2^64 - 1 to disable periodic renegotiation
  */
 void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
                                    const unsigned char period[8] );
@@ -2430,7 +2438,7 @@
  * \param len      how many bytes must be written
  *
  * \return         the number of bytes actually written (may be less than len),
- *                 or MBEDTLS_ERR_SSL_WANT_WRITE of MBEDTLS_ERR_SSL_WANT_READ,
+ *                 or MBEDTLS_ERR_SSL_WANT_WRITE or MBEDTLS_ERR_SSL_WANT_READ,
  *                 or another negative error code.
  *
  * \note           If this function returns something other than a positive
@@ -2515,7 +2523,6 @@
  * \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or
  *                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS
  * \param preset   a MBEDTLS_SSL_PRESET_XXX value
- *                 (currently unused).
  *
  * \note           See \c mbedtls_ssl_conf_transport() for notes on DTLS.
  *
Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/version.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/mb...
==============================================================================
--- trunk/reactos/sdk/include/reactos/libs/mbedtls/version.h	[iso-8859-1] (original)
+++ trunk/reactos/sdk/include/reactos/libs/mbedtls/version.h	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -41,16 +41,16 @@
  */
 #define MBEDTLS_VERSION_MAJOR  2
 #define MBEDTLS_VERSION_MINOR  4
-#define MBEDTLS_VERSION_PATCH  0
+#define MBEDTLS_VERSION_PATCH  2
/**
  * The single version number has the following structure:
  *    MMNNPP00
  *    Major version | Minor version | Patch version
  */
-#define MBEDTLS_VERSION_NUMBER         0x02040000
-#define MBEDTLS_VERSION_STRING         "2.4.0"
-#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.4.0"
+#define MBEDTLS_VERSION_NUMBER         0x02040200
+#define MBEDTLS_VERSION_STRING         "2.4.2"
+#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.4.2"
#if defined(MBEDTLS_VERSION_C)
Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/x509.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/mb...
==============================================================================
--- trunk/reactos/sdk/include/reactos/libs/mbedtls/x509.h	[iso-8859-1] (original)
+++ trunk/reactos/sdk/include/reactos/libs/mbedtls/x509.h	[iso-8859-1] Sun Jun 18 17:25:30 2017
@@ -159,7 +159,7 @@
 #define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY          (1 << 13)
 #define MBEDTLS_X509_EXT_FRESHEST_CRL                (1 << 14)
-#define MBEDTLS_X509_EXT_NS_CERT_TYPE                (1 << 16)   /* Parsed (and then ?) */
+#define MBEDTLS_X509_EXT_NS_CERT_TYPE                (1 << 16)
/*
  * Storage format identifiers

    