yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 11:05:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix embarrassing X.509 bug introduced in 9533765

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-04-08 11:55:03 +02:00
parent 95a0d118a9
commit 8c045ef8e4
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -8,6 +8,10 @@ Changes
Security Security
* Avoid potential timing leak in ecdsa_sign() by blinding modular division. * Avoid potential timing leak in ecdsa_sign() by blinding modular division.
(Found by Watson Ladd.) (Found by Watson Ladd.)
* The notAfter date of some certificates was no longer checked since 1.3.5.
This affects certificates in the user-supplied chain except the top
certificate. If the user-supplied chain contains only one certificates,
it is not affected (ie, its notAfter date is properly checked).
Bugfix Bugfix
* The length of various ClientKeyExchange messages was not properly checked. * The length of various ClientKeyExchange messages was not properly checked.

3
library/x509_crt.c
View File

@ -1647,6 +1647,9 @@ static int x509_crt_verify_child(
x509_crt *grandparent; x509_crt *grandparent;
const md_info_t *md_info; const md_info_t *md_info;
if( x509_time_expired( &child->valid_to ) )
*flags |= BADCERT_EXPIRED;
if( x509_time_future( &child->valid_from ) ) if( x509_time_future( &child->valid_from ) )
*flags |= BADCERT_FUTURE; *flags |= BADCERT_FUTURE;