Document precoditions on some HS parsing/writing functions Eventually, all HS parsing/writing functions should take an arbitrary buffer + length pair as their argument, and return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if the provided buffer is too short. So far, we've only made a first step by allowing to pass an arbitrary buffer, but don't yet add bounds checks throughout. While deliberate for now, this must be clearly documented.

commit: 4e467098000dafa7b9ce0a55dd6243d117f6af90 [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Mon Aug 12 15:12:35 2019 +0100
committer: Hanno Becker <hanno.becker@arm.com> Mon Aug 12 17:05:03 2019 +0100
tree: 05bc70897f5d57806b96b2bcf28bc8d94a20a840
parent: 7d552fad652574dd8969fa8059ae2d5f794423fb [diff] [blame]
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index fd6b90d..83e7f25 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c

@@ -3460,6 +3460,11 @@
     return( 0 );
 }
 
+/* Warning: Despite accepting a length argument, this function is currently
+ * still lacking some bounds checks and assumes that `buf` has length
+ * `MBEDTLS_SSL_OUT_CONTENT_LEN`. Eventually, it should be rewritten to work
+ * with any buffer + length pair, returning MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL
+ * on insufficient writing space. */
 static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
                                           unsigned char *buf,
                                           size_t buflen,
commit	4e467098000dafa7b9ce0a55dd6243d117f6af90	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Mon Aug 12 15:12:35 2019 +0100
committer	Hanno Becker <hanno.becker@arm.com>	Mon Aug 12 17:05:03 2019 +0100
tree	05bc70897f5d57806b96b2bcf28bc8d94a20a840
parent	7d552fad652574dd8969fa8059ae2d5f794423fb [diff] [blame]