
Commit 46aeed7

authored
boring(patch): Fix alps_use_new_codepoint not initialized, may lead to undefined behavior, then get any value (#52)
1 parent e7c534c commit 46aeed7


1 file changed

+8
-7
lines changed


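--- a/boring-sys/patches/boringssl-44b3df6f03d85c901767250329c571db405122d5.patch
+++ b/boring-sys/patches/boringssl-44b3df6f03d85c901767250329c571db405122d5.patch
@@ -6241,7 +6241,7 @@ index 09a9ad380..9c583b5ec 100644
 return nullptr;
 }
 diff --git a/src/ssl/ssl_lib.cc b/src/ssl/ssl_lib.cc
-index 838761af5..9c4a340d0 100644
+index 838761af5..d187cf56c 100644
 --- a/src/ssl/ssl_lib.cc
 +++ b/src/ssl/ssl_lib.cc
 @@ -537,7 +537,8 @@ ssl_ctx_st::ssl_ctx_st(const SSL_METHOD *ssl_method)
@@ -6277,17 +6277,18 @@ index 838761af5..9c4a340d0 100644
 ssl->config->handoff = ctx->handoff;
 ssl->quic_method = ctx->quic_method;
 
-@@ -707,7 +711,8 @@ SSL_CONFIG::SSL_CONFIG(SSL *ssl_arg)
+@@ -707,7 +711,9 @@ SSL_CONFIG::SSL_CONFIG(SSL *ssl_arg)
 shed_handshake_config(false),
 jdk11_workaround(false),
 quic_use_legacy_codepoint(false),
 - permute_extensions(false) {
 + permute_extensions(false),
-+ key_shares_limit(0) {
++ key_shares_limit(0),
++ alps_use_new_codepoint(false) {
 assert(ssl);
 }
 
-@@ -2134,6 +2139,28 @@ void SSL_enable_ocsp_stapling(SSL *ssl) {
+@@ -2134,6 +2140,28 @@ void SSL_enable_ocsp_stapling(SSL *ssl) {
 ssl->config->ocsp_stapling_enabled = true;
 }
 
@@ -6316,7 +6317,7 @@ index 838761af5..9c4a340d0 100644
 void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, const uint8_t **out,
 size_t *out_len) {
 SSL_SESSION *session = SSL_get_session(ssl);
-@@ -2327,6 +2354,13 @@ int SSL_has_application_settings(const SSL *ssl) {
+@@ -2327,6 +2355,13 @@ int SSL_has_application_settings(const SSL *ssl) {
 return session && session->has_application_settings;
 }
 
@@ -6330,7 +6331,7 @@ index 838761af5..9c4a340d0 100644
 int SSL_CTX_add_cert_compression_alg(SSL_CTX *ctx, uint16_t alg_id,
 ssl_cert_compression_func_t compress,
 ssl_cert_decompression_func_t decompress) {
-@@ -2939,6 +2973,24 @@ void SSL_set_permute_extensions(SSL *ssl, int enabled) {
+@@ -2939,6 +2974,24 @@ void SSL_set_permute_extensions(SSL *ssl, int enabled) {
 ssl->config->permute_extensions = !!enabled;
 }
 
@@ -6355,7 +6356,7 @@ index 838761af5..9c4a340d0 100644
 int32_t SSL_get_ticket_age_skew(const SSL *ssl) {
 return ssl->s3->ticket_age_skew;
 }
-@@ -3151,7 +3203,7 @@ namespace fips202205 {
+@@ -3151,7 +3204,7 @@ namespace fips202205 {
 // Section 3.3.1
 // "The server shall be configured to only use cipher suites that are
 // composed entirely of NIST approved algorithms"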
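Review bot: The added `alps_use_new_codepoint(false)` in the `SSL_CONFIG::SSL_CONFIG` initializer list fixes this one member, but its declaration lies outside the section, so it cannot be confirmed here that the initializer follows declaration order (a mismatch raises `-Wreorder`) or that every other member this patch adds to `SSL_CONFIG` and `SSL_CTX` is initialized as well. The neighbouring `key_shares_limit(0)` suggests new fields are initialized by hand one at a time, which is how this omission occurred. If the member is not declared as a bit-field, a default member initializer at the declaration, `bool alps_use_new_codepoint = false;`, would keep a later constructor edit from reintroducing the uninitialized read. A MemorySanitizer build (`-fsanitize=memory`) of the patched library in CI would catch any remaining uninitialized members. The constructor body continues outside the visible lines.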
