mbedtls/ChangeLog.d/uniformize_bounds_checks.txt

Bugfix
   * Add additional bounds checks in ssl_write_client_hello() preventing
     output buffer overflow if the configuration declared a buffer that was
     too small.
Changes
   * Abort the ClientHello writing function as soon as some extension doesn't
     fit into the record buffer. Previously, such extensions were silently
     dropped. As a consequence, the TLS handshake now fails when the output
     buffer is not large enough to hold the ClientHello.
Uniformize bounds checks using new macro This commit uses the previously defined macro to uniformize bounds checks in several places. It also adds bounds checks to the ClientHello writing function that were previously missing. Also, the functions adding extensions to the ClientHello message can now fail if the buffer is too small or a different error condition occurs, and moreover they take an additional buffer end parameter to free them from the assumption that one is writing to the default output buffer. Signed-off-by: Ronald Cron <ronald.cron@arm.com> 2017-04-12 15:54:42 +02:00			`Bugfix`
			`* Add additional bounds checks in ssl_write_client_hello() preventing`
			`output buffer overflow if the configuration declared a buffer that was`
			`too small.`
			`Changes`
			`* Abort the ClientHello writing function as soon as some extension doesn't`
			`fit into the record buffer. Previously, such extensions were silently`
			`dropped. As a consequence, the TLS handshake now fails when the output`
			`buffer is not large enough to hold the ClientHello.`