Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3: fix bug in ssl_mail_client Adapt compat.sh to GnuTLS 3.4 Fix undefined behaviour in x509 Conflicts: programs/ssl/ssl_mail_client.c tests/compat.sh
This commit is contained in:
commit
e36d56419e
@ -117,6 +117,10 @@ Features
|
||||
errors on use of deprecated functions.
|
||||
|
||||
Bugfix
|
||||
* Fix bug in ssl_mail_client when password is longer that username (found
|
||||
by Bruno Pape).
|
||||
* Fix undefined behaviour (memcmp( NULL, NULL, 0 );) in X.509 modules
|
||||
(detected by Clang's 3.6 UBSan).
|
||||
* mpi_size() and mpi_msb() would segfault when called on an mpi that is
|
||||
initialized but not set (found by pravic).
|
||||
* Fix detection of support for getrandom() on Linux (reported by syzzer) by
|
||||
|
@ -463,7 +463,8 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
|
||||
if( crl->sig_oid.len != sig_oid2.len ||
|
||||
memcmp( crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len ) != 0 ||
|
||||
sig_params1.len != sig_params2.len ||
|
||||
memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 )
|
||||
( sig_params1.len != 0 &&
|
||||
memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
|
||||
{
|
||||
mbedtls_x509_crl_free( crl );
|
||||
return( MBEDTLS_ERR_X509_SIG_MISMATCH );
|
||||
|
@ -758,7 +758,8 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *
|
||||
if( crt->sig_oid.len != sig_oid2.len ||
|
||||
memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 ||
|
||||
sig_params1.len != sig_params2.len ||
|
||||
memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 )
|
||||
( sig_params1.len != 0 &&
|
||||
memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
|
||||
{
|
||||
mbedtls_x509_crt_free( crt );
|
||||
return( MBEDTLS_ERR_X509_SIG_MISMATCH );
|
||||
|
@ -711,7 +711,7 @@ int main( int argc, char *argv[] )
|
||||
mbedtls_printf( " > Write username to server: %s", opt.user_name );
|
||||
fflush( stdout );
|
||||
|
||||
n = sizeof( buf );
|
||||
n = sizeof( base );
|
||||
ret = mbedtls_base64_encode( base, &n, (const unsigned char *) opt.user_name,
|
||||
strlen( opt.user_name ) );
|
||||
|
||||
@ -732,6 +732,7 @@ int main( int argc, char *argv[] )
|
||||
mbedtls_printf( " > Write password to server: %s", opt.user_pwd );
|
||||
fflush( stdout );
|
||||
|
||||
n = sizeof( base );
|
||||
ret = mbedtls_base64_encode( base, &n, (const unsigned char *) opt.user_pwd,
|
||||
strlen( opt.user_pwd ) );
|
||||
|
||||
|
@ -751,7 +751,7 @@ setup_arguments()
|
||||
P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
|
||||
O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE"
|
||||
G_SERVER_ARGS="-p $PORT --http $G_MODE"
|
||||
G_SERVER_PRIO="EXPORT:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
|
||||
G_SERVER_PRIO="NORMAL:+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
|
||||
|
||||
# with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes
|
||||
if is_dtls "$MODE"; then
|
||||
|
Loading…
Reference in New Issue
Block a user