mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 06:14:37 +01:00
12 lines
695 B
Plaintext
12 lines
695 B
Plaintext
|
Security
|
||
|
* Fix a compliance issue whereby we were not checking the tag on the
|
||
|
algorithm parameters (only the size) when comparing the signature in the
|
||
|
description part of the cert to the real signature. This meant that a
|
||
|
NULL algorithm parameters entry would look identical to an array of REAL
|
||
|
(size zero) to the library and thus the certificate would be considered
|
||
|
valid. However, if the parameters do not match in *any* way then the
|
||
|
certificate should be considered invalid, and indeed OpenSSL marks these
|
||
|
certs as invalid when mbedtls did not.
|
||
|
Many thanks to guidovranken who found this issue via differential fuzzing
|
||
|
and reported it in #3629.
|