From e7a5386eb9c1431a7b0e18398f48a5300fc7367a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Apr 2020 19:37:06 +0200 Subject: [PATCH 1/6] Add changelog entry for #3192: x509_crt max_pathlen int overflow fix Signed-off-by: Gilles Peskine --- ChangeLog.d/max_pathlen.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/max_pathlen.txt diff --git a/ChangeLog.d/max_pathlen.txt b/ChangeLog.d/max_pathlen.txt new file mode 100644 index 000000000..08f9c65a8 --- /dev/null +++ b/ChangeLog.d/max_pathlen.txt @@ -0,0 +1,5 @@ +Bugfix + * Fix undefined behavior in X.509 certificate parsing if the + pathLenConstraint basic constraint value is equal to INT_MAX. + The actual effect with almost every compiler is the intended + behavior, so this is unlikely to be exploitable anywhere. #3192 From 14884f9822e67a13bbd7733046b5a3aa7d4a637f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Apr 2020 19:56:21 +0200 Subject: [PATCH 2/6] Add changelog entry for #3127: ssl_context_info Signed-off-by: Gilles Peskine --- ChangeLog.d/ssl_context_info.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/ssl_context_info.txt diff --git a/ChangeLog.d/ssl_context_info.txt b/ChangeLog.d/ssl_context_info.txt new file mode 100644 index 000000000..6a15061fa --- /dev/null +++ b/ChangeLog.d/ssl_context_info.txt @@ -0,0 +1,3 @@ +Features + * The new utility programs/ssl/ssl_context_info prints a human-readable + dump of an SSL context saved with mbedtls_ssl_context_save(). From fd0627521b4173579187f611ae7848848405c2e9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Apr 2020 20:18:26 +0200 Subject: [PATCH 3/6] Add changelog entry for #3176: new error functions Signed-off-by: Gilles Peskine --- ChangeLog.d/error_const.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ChangeLog.d/error_const.txt diff --git a/ChangeLog.d/error_const.txt b/ChangeLog.d/error_const.txt new file mode 100644 index 000000000..a3ee45740 
--- /dev/null +++ b/ChangeLog.d/error_const.txt @@ -0,0 +1,6 @@ +Features + * New functions in the error module return constant strings for + high- and low-level error codes, complementing mbedtls_strerror + which constructs a string for any error code, including compound + ones, but requires a writable buffer. Contributed by Gaurav Aggarwal + in #3176. From bdc639b86f9694ad7186731c9b17efcddb589de5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Apr 2020 20:19:29 +0200 Subject: [PATCH 4/6] Add changelog entry for #3208: md.c switch case unification Signed-off-by: Gilles Peskine --- ChangeLog.d/md_switch.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/md_switch.txt diff --git a/ChangeLog.d/md_switch.txt b/ChangeLog.d/md_switch.txt new file mode 100644 index 000000000..a4d369b51 --- /dev/null +++ b/ChangeLog.d/md_switch.txt @@ -0,0 +1,3 @@ +Changes + * Combine identical cases in switch statements in md.c. Contributed + by irwir in #3208. From 19028a8bb15eeba47456783762c3f451d7dc2f5f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Apr 2020 09:51:51 +0200 Subject: [PATCH 5/6] Add changelog entry for #3150: simplify ssl_write_certificate_request Signed-off-by: Gilles Peskine --- ChangeLog.d/ssl_write_certificate_request.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/ssl_write_certificate_request.txt diff --git a/ChangeLog.d/ssl_write_certificate_request.txt b/ChangeLog.d/ssl_write_certificate_request.txt new file mode 100644 index 000000000..2d3067aba --- /dev/null +++ b/ChangeLog.d/ssl_write_certificate_request.txt @@ -0,0 +1,3 @@ +Changes + * Simplify a bounds check in ssl_write_certificate_request(). Contributed + by irwir in #3150. From 4830d2134b630091057e58b6ff4f8e8c5470d2ac Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 Apr 2020 12:10:02 +0200 Subject: [PATCH 6/6] Use () after function name 
Signed-off-by: Gilles Peskine --- ChangeLog.d/error_const.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/error_const.txt b/ChangeLog.d/error_const.txt index a3ee45740..e0086b74c 100644 --- a/ChangeLog.d/error_const.txt +++ b/ChangeLog.d/error_const.txt @@ -1,6 +1,6 @@ Features * New functions in the error module return constant strings for - high- and low-level error codes, complementing mbedtls_strerror + high- and low-level error codes, complementing mbedtls_strerror() which constructs a string for any error code, including compound ones, but requires a writable buffer. Contributed by Gaurav Aggarwal in #3176.
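Review bot: In ChangeLog.d/max_pathlen.txt (patch 1/6), the entry says "undefined behavior" without naming its kind, although the commit subject calls it an int overflow. Name it in the entry, for example "Fix an integer overflow (undefined behavior) in X.509 certificate parsing if the pathLenConstraint ...", so readers can judge the impact for their own compiler and build flags. The wording "almost every compiler" followed by "unlikely to be exploitable anywhere" is also slightly at odds with itself; consider dropping "anywhere" or saying what can happen on the remaining compilers.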
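Review bot: In ChangeLog.d/ssl_context_info.txt (patch 2/6), the entry carries no issue reference, although the commit subject names #3127 and the entries added in patches 1/6, 3/6, 4/6 and 5/6 each cite their number. Append "#3127" for consistency. Since the program prints a dump of a context saved with mbedtls_ssl_context_save(), it would also help users if the entry said whether that dump includes secret session material.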
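Review bot: In ChangeLog.d/error_const.txt (patch 3/6), "New functions in the error module" does not name the functions, so a reader has to open #3176 to find out what to call. List the function names in the entry. A comma before "which constructs a string" would also make clear that the clause describes mbedtls_strerror rather than restricting it.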
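Review bot: In ChangeLog.d/ssl_write_certificate_request.txt (patch 5/6), "Simplify a bounds check" does not say whether the check accepts and rejects the same inputs as before, which is what a user scanning the changelog for security-relevant changes needs to know. If #3150 is a pure refactoring, state that there is no behavior change; if the bound moved, describe how.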
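Review bot: The one-line change to ChangeLog.d/error_const.txt in patch 6/6 edits text that patch 3/6 of this same series introduces; squash it into 3/6 so the file is added in its final form, unless the intermediate history needs to be kept. The other entries in the series already write function names with parentheses (mbedtls_ssl_context_save(), ssl_write_certificate_request()), so the squashed result stays consistent with them.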