AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Document that callbacks must not return arbitrary SSL errors

Browse Source
This commit is contained in:
Gilles Peskine 2018-04-26 11:50:07 +02:00
parent 8f97af7ea3
commit ac5e8a3286
1 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
include/mbedtls/ssl.h
View File

@ -611,7 +611,10 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
* processor does not support this key. The SSL stack will * processor does not support this key. The SSL stack will
* use the private key object instead. * use the private key object instead.
* \return Any other error indicates a fatal failure and is * \return Any other error indicates a fatal failure and is
* propagated up the call chain. * propagated up the call chain. The callback should
* use \c MBEDTLS_ERR_PK_xxx error codes, and <b>must not</b>
* use \c MBEDTLS_ERR_SSL_xxx error codes except as
* directed here.
*/ */
typedef int mbedtls_ssl_async_sign_t( mbedtls_ssl_context *ssl, typedef int mbedtls_ssl_async_sign_t( mbedtls_ssl_context *ssl,
mbedtls_x509_crt *cert, mbedtls_x509_crt *cert,
@ -659,7 +662,10 @@ typedef int mbedtls_ssl_async_sign_t( mbedtls_ssl_context *ssl,
* processor does not support this key. The SSL stack will * processor does not support this key. The SSL stack will
* use the private key object instead. * use the private key object instead.
* \return Any other error indicates a fatal failure and is * \return Any other error indicates a fatal failure and is
* propagated up the call chain. * propagated up the call chain. The callback should
* use \c MBEDTLS_ERR_PK_xxx error codes, and <b>must not</b>
* use \c MBEDTLS_ERR_SSL_xxx error codes except as
* directed here.
*/ */
typedef int mbedtls_ssl_async_decrypt_t( mbedtls_ssl_context *ssl, typedef int mbedtls_ssl_async_decrypt_t( mbedtls_ssl_context *ssl,
mbedtls_x509_crt *cert, mbedtls_x509_crt *cert,
@ -699,7 +705,10 @@ typedef int mbedtls_ssl_async_decrypt_t( mbedtls_ssl_context *ssl,
* on the SSL connection will call the resume callback * on the SSL connection will call the resume callback
* again. * again.
* \return Any other error means that the operation is aborted. * \return Any other error means that the operation is aborted.
* The SSL handshake is aborted. * The SSL handshake is aborted. The callback should
* use \c MBEDTLS_ERR_PK_xxx error codes, and <b>must not</b>
* use \c MBEDTLS_ERR_SSL_xxx error codes except as
* directed here.
*/ */
typedef int mbedtls_ssl_async_resume_t( mbedtls_ssl_context *ssl, typedef int mbedtls_ssl_async_resume_t( mbedtls_ssl_context *ssl,
unsigned char *output, unsigned char *output,