Merge remote-tracking branch 'public/pr/2856' into development
* public/pr/2856:
Fix issue #2718 (condition always false)
diff --git a/ChangeLog b/ChangeLog
index 917c521..5d49004 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,8 @@
Bugfix
* Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and
MBEDTLS_SSL_HW_RECORD_ACCEL are enabled.
+ * Remove a spurious check in ssl_parse_client_psk_identity that triggered
+ a warning with some compilers. Fix contributed by irwir in #2856.
Changes
* Mbed Crypto is no longer a Git submodule. The crypto part of the library
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index c0b440a..ff6b7b6 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2344,7 +2344,7 @@
unsigned char *end )
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- size_t len;
+ uint16_t len;
((void) ssl);
/*
@@ -2361,7 +2361,7 @@
len = (*p)[0] << 8 | (*p)[1];
*p += 2;
- if( end - (*p) < (int) len )
+ if( end - (*p) < len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
"(psk_identity_hint length)" ) );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 469c67e..006bc69 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3812,7 +3812,7 @@
const unsigned char *end )
{
int ret = 0;
- size_t n;
+ uint16_t n;
if( ssl_conf_has_psk_or_cb( ssl->conf ) == 0 )
{
@@ -3832,7 +3832,7 @@
n = ( (*p)[0] << 8 ) | (*p)[1];
*p += 2;
- if( n < 1 || n > 65535 || n > (size_t) ( end - *p ) )
+ if( n == 0 || n > end - *p )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );