mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-25 18:10:59 +00:00
Merge branch 'iotssl-1419-safermemcmp-volatile_backport-1.3' into mbedtls-1.3-restricted
This commit is contained in:
commit
c5926a7049
|
@ -10,6 +10,7 @@ Security
|
||||||
data is all zeros.
|
data is all zeros.
|
||||||
* Fix unsafe bounds check in ssl_parse_client_psk_identity() when adding
|
* Fix unsafe bounds check in ssl_parse_client_psk_identity() when adding
|
||||||
64kB to the address of the SSL buffer wraps around.
|
64kB to the address of the SSL buffer wraps around.
|
||||||
|
* Tighten should-be-constant-time memcmp against compiler optimizations.
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Fix memory leak in ssl_set_hostname() when called multiple times.
|
* Fix memory leak in ssl_set_hostname() when called multiple times.
|
||||||
|
|
|
@ -2061,9 +2061,9 @@ int ssl_check_cert_usage( const x509_crt *cert,
|
||||||
static inline int safer_memcmp( const void *a, const void *b, size_t n )
|
static inline int safer_memcmp( const void *a, const void *b, size_t n )
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i;
|
||||||
const unsigned char *A = (const unsigned char *) a;
|
volatile const unsigned char *A = (volatile const unsigned char *) a;
|
||||||
const unsigned char *B = (const unsigned char *) b;
|
volatile const unsigned char *B = (volatile const unsigned char *) b;
|
||||||
unsigned char diff = 0;
|
volatile unsigned char diff = 0;
|
||||||
|
|
||||||
for( i = 0; i < n; i++ )
|
for( i = 0; i < n; i++ )
|
||||||
diff |= A[i] ^ B[i];
|
diff |= A[i] ^ B[i];
|
||||||
|
|
Loading…
Reference in a new issue