lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-05-17 17:41:17 +03:00
Code

Merge remote-tracking branch 'upstream-public/pr/1474' into development-proposed

Browse Source
This commit is contained in:
Jaeden Amero 2018-03-28 14:22:29 +01:00
commit 5ec118352e
3 changed files with 24 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -37,6 +37,10 @@ Changes
* Do not define global mutexes around readdir() and gmtime() in * Do not define global mutexes around readdir() and gmtime() in
configurations where the feature is disabled. Found and fixed by Gergely configurations where the feature is disabled. Found and fixed by Gergely
Budai. Budai.
* Harden mbedtls_ssl_config_free() against misuse, so that it doesn't
leak memory in case the user doesn't use mbedtls_ssl_conf_psk() and
instead incorrectly manipulates conf->psk and/or conf->psk_identity
directly. Found and fix submitted by junyeonLEE in #1220.
= mbed TLS 2.8.0 branch released 2018-03-16 = mbed TLS 2.8.0 branch released 2018-03-16

16
include/mbedtls/ssl.h
View File

@ -682,10 +682,18 @@ struct mbedtls_ssl_config
#endif #endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
unsigned char *psk; /*!< pre-shared key */ unsigned char *psk; /*!< pre-shared key. This field should
size_t psk_len; /*!< length of the pre-shared key */ only be set via
unsigned char *psk_identity; /*!< identity for PSK negotiation */ mbedtls_ssl_conf_psk() */
size_t psk_identity_len;/*!< length of identity */ size_t psk_len; /*!< length of the pre-shared key. This
field should only be set via
mbedtls_ssl_conf_psk() */
unsigned char *psk_identity; /*!< identity for PSK negotiation. This
field should only be set via
mbedtls_ssl_conf_psk() */
size_t psk_identity_len;/*!< length of identity. This field should
only be set via
mbedtls_ssl_conf_psk() */
#endif #endif
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)

10
library/ssl_tls.c
View File

@ -7741,10 +7741,16 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf )
if( conf->psk != NULL ) if( conf->psk != NULL )
{ {
mbedtls_zeroize( conf->psk, conf->psk_len ); mbedtls_zeroize( conf->psk, conf->psk_len );
mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len );
mbedtls_free( conf->psk ); mbedtls_free( conf->psk );
mbedtls_free( conf->psk_identity ); conf->psk = NULL;
conf->psk_len = 0; conf->psk_len = 0;
}
if( conf->psk_identity != NULL )
{
mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len );
mbedtls_free( conf->psk_identity );
conf->psk_identity = NULL;
conf->psk_identity_len = 0; conf->psk_identity_len = 0;
} }
#endif #endif