From 3099b43c6b9e9e5116aa9e3f0240cc90d792d353 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 10 Oct 2017 20:10:46 +0200 Subject: [PATCH] Timing: fix mbedtls_set_alarm(0) on Unix/POSIX The POSIX/Unix implementation of mbedtls_set_alarm did not set the mbedtls_timing_alarmed flag when called with 0, which was inconsistent with what the documentation implied and with the Windows behavior. --- ChangeLog | 7 ++++--- library/timing.c | 6 ++++++ 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0064f1ec0..5c3eaa546 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,9 @@ Security was independently reported by Tim Nordell via e-mail and by Florin Petriuc and sjorsdewit on GitHub. Fix proposed by Florin Petriuc in #1022. Fixes #707. +Features + * Allow comments in test data files. + Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. @@ -50,15 +53,13 @@ Bugfix * Fix word size check in in pk.c to not depend on MBEDTLS_HAVE_INT64. * Fix crash when calling mbedtls_ssl_cache_free() twice. Found by MilenkoMitrovic, #1104 + * Fix mbedtls_timing_alarm(0) on Unix. Changes * Extend cert_write example program by options to set the CRT version and the message digest. Further, allow enabling/disabling of authority identifier, subject identifier and basic constraints extensions. -Features - * Allow comments in test data files. - = mbed TLS 2.1.9 branch released 2017-08-10 Security diff --git a/library/timing.c b/library/timing.c index 5d8b25b99..4ec4bf45b 100644 --- a/library/timing.c +++ b/library/timing.c @@ -310,6 +310,12 @@ void mbedtls_set_alarm( int seconds ) mbedtls_timing_alarmed = 0; signal( SIGALRM, sighandler ); alarm( seconds ); + if( seconds == 0 ) + { + /* alarm(0) cancelled any previous pending alarm, but the + handler won't fire, so raise the flag straight away. */ + mbedtls_timing_alarmed = 1; + } } #endif /* _WIN32 && !EFIX64 && !EFI32 */