Merge remote-tracking branch 'origin/mbedtls-2.16' into mbedtls-2.16-restricted

* origin/mbedtls-2.16:
  Changelog entry
  Check for zero length and NULL buffer pointer
  ssl-opt.sh: wait for proxy to start before running the script further
  Adapt ChangeLog
  Fix mpi_bigendian_to_host() on bigendian systems
This commit is contained in:
Jaeden Amero 2019-09-05 18:14:55 +01:00
commit 89408672eb
4 changed files with 34 additions and 11 deletions

View File

@ -48,6 +48,11 @@ Bugfix
* Improve code clarity in x509_crt module, removing false-positive
uninitialized variable warnings on some recent toolchains (GCC8, etc).
Discovered and fixed by Andy Gross (Linaro), #2392.
* Zero length buffer check for undefined behavior in
mbedtls_platform_zeroize(). Fixes ARMmbed/mbed-crypto#49.
* Fix bug in endianness conversion in bignum module. This lead to
functionally incorrect code on bigendian systems which don't have
__BYTE_ORDER__ defined. Reported by Brendan Shanks. Fixes #2622.
Changes
* Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h

View File

@ -742,10 +742,15 @@ cleanup:
static mbedtls_mpi_uint mpi_uint_bigendian_to_host_c( mbedtls_mpi_uint x )
{
uint8_t i;
unsigned char *x_ptr;
mbedtls_mpi_uint tmp = 0;
/* This works regardless of the endianness. */
for( i = 0; i < ciL; i++, x >>= 8 )
tmp |= ( x & 0xFF ) << ( ( ciL - 1 - i ) << 3 );
for( i = 0, x_ptr = (unsigned char*) &x; i < ciL; i++, x_ptr++ )
{
tmp <<= CHAR_BIT;
tmp |= (mbedtls_mpi_uint) *x_ptr;
}
return( tmp );
}

View File

@ -72,7 +72,10 @@ static void * (* const volatile memset_func)( void *, int, size_t ) = memset;
void mbedtls_platform_zeroize( void *buf, size_t len )
{
memset_func( buf, 0, len );
MBEDTLS_INTERNAL_VALIDATE( len == 0 || buf != NULL );
if( len > 0 )
memset_func( buf, 0, len );
}
#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */

View File

@ -420,9 +420,9 @@ has_mem_err() {
fi
}
# Wait for process $2 to be listening on port $1
# Wait for process $2 named $3 to be listening on port $1. Print error to $4.
if type lsof >/dev/null 2>/dev/null; then
wait_server_start() {
wait_app_start() {
START_TIME=$(date +%s)
if [ "$DTLS" -eq 1 ]; then
proto=UDP
@ -432,8 +432,8 @@ if type lsof >/dev/null 2>/dev/null; then
# Make a tight loop, server normally takes less than 1s to start.
while ! lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do
if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then
echo "SERVERSTART TIMEOUT"
echo "SERVERSTART TIMEOUT" >> $SRV_OUT
echo "$3 START TIMEOUT"
echo "$3 START TIMEOUT" >> $4
break
fi
# Linux and *BSD support decimal arguments to sleep. On other
@ -442,12 +442,22 @@ if type lsof >/dev/null 2>/dev/null; then
done
}
else
echo "Warning: lsof not available, wait_server_start = sleep"
wait_server_start() {
echo "Warning: lsof not available, wait_app_start = sleep"
wait_app_start() {
sleep "$START_DELAY"
}
fi
# Wait for server process $2 to be listening on port $1.
wait_server_start() {
wait_app_start $1 $2 "SERVER" $SRV_OUT
}
# Wait for proxy process $2 to be listening on port $1.
wait_proxy_start() {
wait_app_start $1 $2 "PROXY" $PXY_OUT
}
# Given the client or server debug output, parse the unix timestamp that is
# included in the first 4 bytes of the random bytes and check that it's within
# acceptable bounds
@ -600,7 +610,7 @@ run_test() {
echo "$PXY_CMD" > $PXY_OUT
$PXY_CMD >> $PXY_OUT 2>&1 &
PXY_PID=$!
# assume proxy starts faster than server
wait_proxy_start "$PXY_PORT" "$PXY_PID"
fi
check_osrv_dtls