Merge remote-tracking branch 'origin/pr/2815' into development
* origin/pr/2815:
ssl-opt.sh: wait for proxy to start before running the script further
diff --git a/ChangeLog b/ChangeLog
index 87b735a..0eb76c8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -18,6 +18,10 @@
verified and significantly faster, but is only supported on x86 platforms
(32-bit and 64-bit) using GCC, Clang or Visual Studio. Contributed by
Christoph Wintersteiger from Microsoft Research.
+ * Add mbedtls_net_close(), enabling the building of forking servers where
+ the parent process closes the client socket and continue accepting, and
+ the child process closes the listening socket and handles the client
+ socket. Contributed by Robert Larsen in #2803.
API Changes
* Add DER-encoded test CRTs to library/certs.c, allowing
@@ -60,6 +64,11 @@
* Fix propagation of restart contexts in restartable EC operations.
This could previously lead to segmentation faults in builds using an
address-sanitizer and enabling but not using MBEDTLS_ECP_RESTARTABLE.
+ * Fix memory leak in in mpi_miller_rabin(). Contributed by
+ Jens Wiklander <jens.wiklander@linaro.org> in #2363
+ * Improve code clarity in x509_crt module, removing false-positive
+ uninitialized variable warnings on some recent toolchains (GCC8, etc).
+ Discovered and fixed by Andy Gross (Linaro), #2392.
Changes
* Replace multiple uses of MD2 by SHA-256 in X.509 test suite. Fixes #821.
diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h
index df42b45..adb589e 100644
--- a/include/mbedtls/net_sockets.h
+++ b/include/mbedtls/net_sockets.h
@@ -258,6 +258,13 @@
uint32_t timeout );
/**
+ * \brief Closes down the connection and free associated data
+ *
+ * \param ctx The context to close
+ */
+void mbedtls_net_close( mbedtls_net_context *ctx );
+
+/**
* \brief Gracefully shutdown the connection and free associated data
*
* \param ctx The context to free
diff --git a/library/net_sockets.c b/library/net_sockets.c
index 5d538bf..c7b358d 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -652,6 +652,19 @@
}
/*
+ * Close the connection
+ */
+void mbedtls_net_close( mbedtls_net_context *ctx )
+{
+ if( ctx->fd == -1 )
+ return;
+
+ close( ctx->fd );
+
+ ctx->fd = -1;
+}
+
+/*
* Gracefully close the connection
*/
void mbedtls_net_free( mbedtls_net_context *ctx )
diff --git a/library/x509_crt.c b/library/x509_crt.c
index b2c19db..48f244e 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2611,15 +2611,13 @@
continue;
}
+ *r_parent = parent;
+ *r_signature_is_good = signature_is_good;
+
break;
}
- if( parent != NULL )
- {
- *r_parent = parent;
- *r_signature_is_good = signature_is_good;
- }
- else
+ if( parent == NULL )
{
*r_parent = fallback_parent;
*r_signature_is_good = fallback_signature_is_good;
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 80407e4..851bc05 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -254,6 +254,7 @@
if( pid != 0 )
{
mbedtls_printf( " ok\n" );
+ mbedtls_net_close( &client_fd );
if( ( ret = mbedtls_ctr_drbg_reseed( &ctr_drbg,
(const unsigned char *) "parent",
@@ -266,7 +267,7 @@
continue;
}
- mbedtls_net_init( &listen_fd );
+ mbedtls_net_close( &listen_fd );
pid = getpid();
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index abfef49..13c5c2d 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -840,11 +840,11 @@
component_test_no_use_psa_crypto_full_cmake_asan() {
# full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh
- msg "build: cmake, full config + MBEDTLS_USE_PSA_CRYPTO, ASan"
+ msg "build: cmake, full config minus MBEDTLS_USE_PSA_CRYPTO, ASan"
scripts/config.pl full
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+ scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # slow and makes ASan mostly ineffective
scripts/config.pl set MBEDTLS_ECP_RESTARTABLE # not using PSA, so enable restartable ECC
- scripts/config.pl set MBEDTLS_PSA_CRYPTO_C
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C
scripts/config.pl unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
@@ -885,7 +885,6 @@
msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C"
scripts/config.pl full # includes CHECK_PARAMS
# Keep MBEDTLS_PARAM_FAILED as assert.
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
@@ -1074,6 +1073,7 @@
# Build once with -O0, to compile out the i386 specific inline assembly
msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s
scripts/config.pl full
+ scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # slow and makes ASan mostly ineffective
make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address'
msg "test: i386, make, gcc -O0 (ASan build)"
@@ -1090,9 +1090,7 @@
# Build again with -O1, to compile in the i386 specific inline assembly
msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s
scripts/config.pl full
- scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
- scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
- scripts/config.pl unset MBEDTLS_MEMORY_DEBUG
+ scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # slow and makes ASan mostly ineffective
make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address'
msg "test: i386, make, gcc -O1 (ASan build)"