Merge remote-tracking branch 'upstream-restricted/pr/458' into mbedtls-2.7-restricted-proposed
commit
64540d9577
|
@ -23,6 +23,8 @@ Bugfix
|
||||||
overflow. #1179
|
overflow. #1179
|
||||||
* Fix memory allocation corner cases in memory_buffer_alloc.c module. Found
|
* Fix memory allocation corner cases in memory_buffer_alloc.c module. Found
|
||||||
by Guido Vranken. #639
|
by Guido Vranken. #639
|
||||||
|
* Fix X509 CRT parsing that would potentially accept an invalid tag when
|
||||||
|
parsing the subject alternative names.
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Clarify the documentation of mbedtls_ssl_setup.
|
* Clarify the documentation of mbedtls_ssl_setup.
|
||||||
|
|
|
@ -88,6 +88,21 @@
|
||||||
#define MBEDTLS_ASN1_PRIMITIVE 0x00
|
#define MBEDTLS_ASN1_PRIMITIVE 0x00
|
||||||
#define MBEDTLS_ASN1_CONSTRUCTED 0x20
|
#define MBEDTLS_ASN1_CONSTRUCTED 0x20
|
||||||
#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80
|
#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Bit masks for each of the components of an ASN.1 tag as specified in
|
||||||
|
* ITU X.690 (08/2015), section 8.1 "General rules for encoding",
|
||||||
|
* paragraph 8.1.2.2:
|
||||||
|
*
|
||||||
|
* Bit 8 7 6 5 1
|
||||||
|
* +-------+-----+------------+
|
||||||
|
* | Class | P/C | Tag number |
|
||||||
|
* +-------+-----+------------+
|
||||||
|
*/
|
||||||
|
#define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0
|
||||||
|
#define MBEDTLS_ASN1_TAG_PC_MASK 0x20
|
||||||
|
#define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F
|
||||||
|
|
||||||
/* \} name */
|
/* \} name */
|
||||||
/* \} addtogroup asn1_module */
|
/* \} addtogroup asn1_module */
|
||||||
|
|
||||||
|
|
|
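Review bot: The comment above the three new masks cites only paragraph 8.1.2.2, which covers tag numbers 0 to 30, so `MBEDTLS_ASN1_TAG_VALUE_MASK` reads as if it always yields the tag number. In X.690 a tag-number field of all ones (0x1F) marks the high-tag-number form, where the number continues in the following identifier octets (8.1.2.4). I would add a line to the comment such as `* A tag number field of 0x1F means the number is encoded in subsequent octets (8.1.2.4); these masks apply to the first identifier octet only.` so that callers do not treat 0x1F as a literal tag number. Each macro would also benefit from a one-line comment naming the bits it selects.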
@ -473,9 +473,12 @@ static int x509_get_subject_alt_name( unsigned char **p,
|
||||||
if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 )
|
if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 )
|
||||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||||
|
|
||||||
if( ( tag & MBEDTLS_ASN1_CONTEXT_SPECIFIC ) != MBEDTLS_ASN1_CONTEXT_SPECIFIC )
|
if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) !=
|
||||||
|
MBEDTLS_ASN1_CONTEXT_SPECIFIC )
|
||||||
|
{
|
||||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
||||||
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
|
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
|
||||||
|
}
|
||||||
|
|
||||||
/* Skip everything but DNS name */
|
/* Skip everything but DNS name */
|
||||||
if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) )
|
if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) )
|
||||||
|
|
|
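Review bot: The new class check in x509_get_subject_alt_name still accepts every context-specific tag regardless of tag number or the constructed bit, and the following `tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 )` test then skips such entries silently. GeneralName defines only choices [0] through [8], so a stricter parser could reject `( tag & MBEDTLS_ASN1_TAG_VALUE_MASK ) > 8` with the same MBEDTLS_ERR_ASN1_UNEXPECTED_TAG error; whether to reject or ignore these is a policy decision worth stating in a comment. At minimum, a comment on the class check such as `/* Every GeneralName choice is context-specific; reject any other class */` would record why the full class mask is compared. The function body starts and ends outside the hunk, so the later handling of skipped entries is not visible here.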
@ -1144,6 +1144,10 @@ x509parse_crt:"30173015a0030201038204deadbeef30080604cafed00d0500":"":MBEDTLS_ER
|
||||||
X509 Certificate ASN1 (invalid version overflow)
|
X509 Certificate ASN1 (invalid version overflow)
|
||||||
x509parse_crt:"301A3018a00602047FFFFFFF8204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
|
x509parse_crt:"301A3018a00602047FFFFFFF8204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
|
||||||
|
|
||||||
|
X509 Certificate ASN1 (invalid SubjectAltNames tag)
|
||||||
|
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
||||||
|
x509parse_crt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
|
||||||
|
|
||||||
X509 CRL ASN1 (Incorrect first tag)
|
X509 CRL ASN1 (Incorrect first tag)
|
||||||
x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT
|
x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT
|
||||||
|
|
||||||
|
|