Merge branch 'mbedtls-1.3' into development

* mbedtls-1.3: fix bug in ssl_mail_client Adapt compat.sh to GnuTLS 3.4 Fix undefined behaviour in x509 Conflicts: programs/ssl/ssl_mail_client.c tests/compat.sh
2025-05-07 10:22:14 +00:00 · 2015-04-30 13:52:25 +02:00 · 2015-04-30 13:52:25 +02:00 · e36d56419e
parent da61ed3346 fa950c9480
commit e36d56419e
5 changed files with 11 additions and 4 deletions
--- a/4
+++ b/4
@ -117,6 +117,10 @@ Features
     errors on use of deprecated functions.
 Bugfix
   * Fix bug in ssl_mail_client when password is longer that username (found
     by Bruno Pape).
   * Fix undefined behaviour (memcmp( NULL, NULL, 0 );) in X.509 modules
     (detected by Clang's 3.6 UBSan).
   * mpi_size() and mpi_msb() would segfault when called on an mpi that is
     initialized but not set (found by pravic).
   * Fix detection of support for getrandom() on Linux (reported by syzzer) by
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@ -463,7 +463,8 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
    if( crl->sig_oid.len != sig_oid2.len ||
        memcmp( crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len ) != 0 ||
        sig_params1.len != sig_params2.len ||
-        memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 )
+        ( sig_params1.len != 0 &&
          memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
    {
        mbedtls_x509_crl_free( crl );
        return( MBEDTLS_ERR_X509_SIG_MISMATCH );
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -758,7 +758,8 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *
    if( crt->sig_oid.len != sig_oid2.len ||
        memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 ||
        sig_params1.len != sig_params2.len ||
-        memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 )
+        ( sig_params1.len != 0 &&
          memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
    {
        mbedtls_x509_crt_free( crt );
        return( MBEDTLS_ERR_X509_SIG_MISMATCH );
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@ -711,7 +711,7 @@ int main( int argc, char *argv[] )
        mbedtls_printf( "  > Write username to server: %s", opt.user_name );
        fflush( stdout );
-        n = sizeof( buf );
+        n = sizeof( base );
        ret = mbedtls_base64_encode( base, &n, (const unsigned char *) opt.user_name,
                             strlen( opt.user_name ) );
@ -732,6 +732,7 @@ int main( int argc, char *argv[] )
        mbedtls_printf( "  > Write password to server: %s", opt.user_pwd );
        fflush( stdout );
        n = sizeof( base );
        ret = mbedtls_base64_encode( base, &n, (const unsigned char *) opt.user_pwd,
                             strlen( opt.user_pwd ) );
--- a/tests/compat.sh
+++ b/tests/compat.sh
@ -751,7 +751,7 @@ setup_arguments()
    P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
    O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE"
    G_SERVER_ARGS="-p $PORT --http $G_MODE"
-    G_SERVER_PRIO="EXPORT:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
+    G_SERVER_PRIO="NORMAL:+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
    # with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes
    if is_dtls "$MODE"; then