Merge remote-tracking branch 'origin/pr/2655' into development

* origin/pr/2655:
  Add negative test for malformed SAN
  Set next sequence of subject_alt_names to NULL
This commit is contained in:
Jaeden Amero 2019-05-22 17:12:14 +01:00
commit bb7a582865
3 changed files with 8 additions and 0 deletions

View file

@ -46,6 +46,9 @@ Bugfix
for the parameter. for the parameter.
* Add a check for MBEDTLS_X509_CRL_PARSE_C in ssl_server2, guarding the crl * Add a check for MBEDTLS_X509_CRL_PARSE_C in ssl_server2, guarding the crl
sni entry parameter. Reported by inestlerode in #560. sni entry parameter. Reported by inestlerode in #560.
* Set the next sequence of the subject_alt_name to NULL when deleting
sequence on failure. Found and fix suggested by Philippe Antoine.
Credit to OSS-Fuzz.
API Changes API Changes
* Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes, * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,

View file

@ -681,6 +681,7 @@ static int x509_get_subject_alt_name( unsigned char **p,
sizeof( mbedtls_x509_sequence ) ); sizeof( mbedtls_x509_sequence ) );
mbedtls_free( seq_prv ); mbedtls_free( seq_prv );
} }
subject_alt_name->next = NULL;
return( ret ); return( ret );
} }

View file

@ -1214,6 +1214,10 @@ X509 Certificate ASN1 (TBSCertificate v3, ext CertificatePolicies tag, qualifier
depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a301F0603551d2004183020301F0603551D200418301630140604551D2000300C300A06082B0601050507020101010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a301F0603551d2004183020301F0603551D200418301630140604551D2000300C300A06082B0601050507020101010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate v3, ext SubjectAlternativeName malformed)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509parse_crt:"30820220308201ffa0030201020209202020202020202020300d06092a864886f70d01010505003045310b30090603202020130220203113301106032020200c0a202020202020202020203121301f06032020200c18202020202020202020202020202020202020202020202020301e170d3134303432333230353034305a170d3137303432323230353034305a3045310b30090603202020130220203113301106032020200c0a202020202020202020203121301f06032020200c1820202020202020202020202020202020202020202020202030819f300d06092a864886f70d010101050003818d003081890281812020202020202020ff20202020202020202020202020202020202020ff202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020ff020320ffffa350304e301d0603202020041620202020202020202020202020202020202020202020301f0603551d11041830169104202020208000be002020202020202020202020202020202020202020202020202020202020202020ff20202020202020202020202020202020202020ff2020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020ff2020ff202020202020202020202020202020ff2020202020202020202020202020202020202020202020202020":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, bool len missing) X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, bool len missing)
depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30060603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30060603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA