Merge remote-tracking branch 'origin/pr/2655' into development
* origin/pr/2655: Add negative test for malformed SAN Set next sequence of subject_alt_names to NULL
This commit is contained in:
commit
bb7a582865
3 changed files with 8 additions and 0 deletions
|
@ -46,6 +46,9 @@ Bugfix
|
||||||
for the parameter.
|
for the parameter.
|
||||||
* Add a check for MBEDTLS_X509_CRL_PARSE_C in ssl_server2, guarding the crl
|
* Add a check for MBEDTLS_X509_CRL_PARSE_C in ssl_server2, guarding the crl
|
||||||
sni entry parameter. Reported by inestlerode in #560.
|
sni entry parameter. Reported by inestlerode in #560.
|
||||||
|
* Set the next sequence of the subject_alt_name to NULL when deleting
|
||||||
|
sequence on failure. Found and fix suggested by Philippe Antoine.
|
||||||
|
Credit to OSS-Fuzz.
|
||||||
|
|
||||||
API Changes
|
API Changes
|
||||||
* Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
|
* Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
|
||||||
|
|
|
@ -681,6 +681,7 @@ static int x509_get_subject_alt_name( unsigned char **p,
|
||||||
sizeof( mbedtls_x509_sequence ) );
|
sizeof( mbedtls_x509_sequence ) );
|
||||||
mbedtls_free( seq_prv );
|
mbedtls_free( seq_prv );
|
||||||
}
|
}
|
||||||
|
subject_alt_name->next = NULL;
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1214,6 +1214,10 @@ X509 Certificate ASN1 (TBSCertificate v3, ext CertificatePolicies tag, qualifier
|
||||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
|
depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
|
||||||
x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a301F0603551d2004183020301F0603551D200418301630140604551D2000300C300A06082B0601050507020101010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a301F0603551d2004183020301F0603551D200418301630140604551D2000300C300A06082B0601050507020101010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
|
X509 Certificate ASN1 (TBSCertificate v3, ext SubjectAlternativeName malformed)
|
||||||
|
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
||||||
|
x509parse_crt:"30820220308201ffa0030201020209202020202020202020300d06092a864886f70d01010505003045310b30090603202020130220203113301106032020200c0a202020202020202020203121301f06032020200c18202020202020202020202020202020202020202020202020301e170d3134303432333230353034305a170d3137303432323230353034305a3045310b30090603202020130220203113301106032020200c0a202020202020202020203121301f06032020200c1820202020202020202020202020202020202020202020202030819f300d06092a864886f70d010101050003818d003081890281812020202020202020ff20202020202020202020202020202020202020ff202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020ff020320ffffa350304e301d0603202020041620202020202020202020202020202020202020202020301f0603551d11041830169104202020208000be002020202020202020202020202020202020202020202020202020202020202020ff20202020202020202020202020202020202020ff2020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020ff2020ff202020202020202020202020202020ff2020202020202020202020202020202020202020202020202020":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, bool len missing)
|
X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, bool len missing)
|
||||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
|
depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
|
||||||
x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30060603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30060603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
Loading…
Reference in a new issue