From dfd447e83642e262cb03ebf2bff7355da9191048 Mon Sep 17 00:00:00 2001 From: Jens Wiklander Date: Thu, 17 Jan 2019 13:30:57 +0100 Subject: [PATCH 1/4] fix memory leak in mpi_miller_rabin() Fixes memory leak in mpi_miller_rabin() that occurs when the function has failed to obtain a usable random 'A' 30 turns in a row. Signed-off-by: Jens Wiklander --- library/bignum.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/bignum.c b/library/bignum.c index d3d02b1a0..606bca456 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2329,7 +2329,8 @@ static int mpi_miller_rabin( const mbedtls_mpi *X, size_t rounds, } if (count++ > 30) { - return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; + ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; + goto cleanup; } } while ( mbedtls_mpi_cmp_mpi( &A, &W ) >= 0 || From 402d7ac3db9aefa27cedf7f0e53397927731981a Mon Sep 17 00:00:00 2001 From: Jens Wiklander Date: Thu, 17 Jan 2019 17:45:05 +0100 Subject: [PATCH 2/4] Add ChangeLog entry Signed-off-by: Jens Wiklander --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index b39b95391..842843899 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix previously lead to a stack overflow on constrained targets. * Add `MBEDTLS_SELF_TEST` for the mbedtls_self_test functions in the header files, which missed the precompilation check. #971 + * Fix memory leak in in mpi_miller_rabin(). Contributed by + Jens Wiklander in #2363 = mbed TLS 2.16.0 branch released 2018-12-21 From 420f3589e3a52ec0754bb350f3abf5cef75ac7ce Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 31 Jul 2019 13:58:29 +0300 Subject: [PATCH 3/4] Fix the license header of hkdf Change the license header of `hkdf.h` to a format the that script `apache_to_gpl.pl` knows how to parse. --- include/mbedtls/hkdf.h | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/hkdf.h b/include/mbedtls/hkdf.h index 40ee64eb0..bcafe4251 100644 --- a/include/mbedtls/hkdf.h +++ b/include/mbedtls/hkdf.h @@ -7,22 +7,22 @@ * specified by RFC 5869. */ /* - * Copyright (C) 2016-2018, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * Copyright (C) 2016-2019, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_HKDF_H #define MBEDTLS_HKDF_H From 3fc6f9d16d4e9a6f85a909123ba2ca233132f571 Mon Sep 17 00:00:00 2001 From: Andy Gross Date: Wed, 30 Jan 2019 10:25:53 -0600 Subject: [PATCH 4/4] Fix uninitialized variable in x509_crt This patch fixes an issue we encountered with more stringent compiler warnings. The signature_is_good variable has a possibility of being used uninitialized. This patch moves the use of the variable to a place where it cannot be used while uninitialized. Signed-off-by: Andy Gross --- ChangeLog | 3 +++ library/x509_crt.c | 10 ++++------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index a78257803..fea2bc29f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,9 @@ Bugfix * Fix propagation of restart contexts in restartable EC operations. This could previously lead to segmentation faults in builds using an address-sanitizer and enabling but not using MBEDTLS_ECP_RESTARTABLE. + * Improve code clarity in x509_crt module, removing false-positive + uninitialized variable warnings on some recent toolchains (GCC8, etc). + Discovered and fixed by Andy Gross (Linaro), #2392. Changes * Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h diff --git a/library/x509_crt.c b/library/x509_crt.c index 56d7a3127..9c2e36547 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2087,15 +2087,13 @@ check_signature: continue; } + *r_parent = parent; + *r_signature_is_good = signature_is_good; + break; } - if( parent != NULL ) - { - *r_parent = parent; - *r_signature_is_good = signature_is_good; - } - else + if( parent == NULL ) { *r_parent = fallback_parent; *r_signature_is_good = fallback_signature_is_good;