Merge remote-tracking branch 'origin/mbedtls-2.16' into mbedtls-2.16-restricted

* origin/mbedtls-2.16: Fix uninitialized variable in x509_crt Fix the license header of hkdf Add ChangeLog entry fix memory leak in mpi_miller_rabin()
2024-10-18 10:11:04 +00:00 · 2019-09-03 19:43:13 +01:00 · 2019-09-03 19:43:13 +01:00 · e7e55158f8
parent f85a15e090 fe1d66d3e2
commit e7e55158f8
4 changed files with 23 additions and 19 deletions
--- a/5
+++ b/5
@ -43,6 +43,11 @@ Bugfix
   * Fix propagation of restart contexts in restartable EC operations.
     This could previously lead to segmentation faults in builds using an
     address-sanitizer and enabling but not using MBEDTLS_ECP_RESTARTABLE.
+   * Fix memory leak in in mpi_miller_rabin(). Contributed by
+     Jens Wiklander <jens.wiklander@linaro.org> in #2363
+   * Improve code clarity in x509_crt module, removing false-positive
+     uninitialized variable warnings on some recent toolchains (GCC8, etc).
+     Discovered and fixed by Andy Gross (Linaro), #2392.

 Changes
   * Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h
--- a/include/mbedtls/hkdf.h
+++ b/include/mbedtls/hkdf.h
@ -7,22 +7,22 @@
 *          specified by RFC 5869.
 */
 /*
- * Copyright (C) 2016-2018, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
+ *  Copyright (C) 2016-2019, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
 *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
 *
- * http://www.apache.org/licenses/LICENSE-2.0
+ *  http://www.apache.org/licenses/LICENSE-2.0
 *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
 *
- * This file is part of mbed TLS (https://tls.mbed.org)
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_HKDF_H
 #define MBEDTLS_HKDF_H
--- a/library/bignum.c
+++ b/library/bignum.c
@ -2351,7 +2351,8 @@ static int mpi_miller_rabin( const mbedtls_mpi *X, size_t rounds,
            }

            if (count++ > 30) {
-                return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
+                ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
+                goto cleanup;
            }

        } while ( mbedtls_mpi_cmp_mpi( &A, &W ) >= 0 ||
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -2087,15 +2087,13 @@ check_signature:
            continue;
        }

+        *r_parent = parent;
+        *r_signature_is_good = signature_is_good;
+
        break;
    }

-    if( parent != NULL )
-    {
-        *r_parent = parent;
-        *r_signature_is_good = signature_is_good;
-    }
-    else
+    if( parent == NULL )
    {
        *r_parent = fallback_parent;
        *r_signature_is_good = fallback_signature_is_good;