commit 14400c8fb04e406a042695f28762b40cc7b2aa7b
author Simon Butcher <simon.butcher@arm.com> Sat Jan 02 00:08:13 2016 +0000
committer Simon Butcher <simon.butcher@arm.com> Sat Jan 02 00:28:19 2016 +0000
tree 4ebf4a052aa76542b3fbd9421acdabd2638073fb
parent 7d3f3a8ac80adefa6c70ef76a47273735dcc4d71

Merge memory leak fix into branch 'mbedtls-1.3'

Merge of fix for memory leak in RSA-SSA signing - #372

library/asn1write.c

diff --git a/library/asn1write.c b/library/asn1write.c
index 6a7c9d3..bb60830 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -342,19 +342,18 @@
     }
     else if( cur->val.len < val_len )
     {
-        // Enlarge existing value buffer if needed
-        //
-        polarssl_free( cur->val.p );
-        cur->val.p = NULL;
-
-        cur->val.len = val_len;
-        cur->val.p = polarssl_malloc( val_len );
-        if( cur->val.p == NULL )
-        {
-            polarssl_free( cur->oid.p );
-            polarssl_free( cur );
+        /*
+         * Enlarge existing value buffer if needed
+         * Preserve old data until the allocation succeeded, to leave list in
+         * a consistent state in case allocation fails.
+         */
+        void *p = polarssl_malloc( val_len );
+        if( p == NULL )
             return( NULL );
-        }
+
+        polarssl_free( cur->val.p );
+        cur->val.p = p;
+        cur->val.len = val_len;
     }
 
     if( val != NULL )

library/bignum.c

diff --git a/library/bignum.c b/library/bignum.c
index 584ab85..b606238 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -34,7 +34,7 @@
  *  [3] GNU Multi-Precision Arithmetic Library
  *      https://gmplib.org/manual/index.html
  *
-*/
+ */
 
 #if !defined(POLARSSL_CONFIG_FILE)
 #include "polarssl/config.h"
@@ -1218,22 +1218,28 @@
 }
 
 /*
- * Unsigned integer divide - 64bit dividend and 32bit divisor
+ * Unsigned integer divide - double t_uint, dividend, u1/u0, and t_uint
+ * divisor, d
  */
-static t_uint int_div_int(t_uint u1, t_uint u0, t_uint d, t_uint *r)
+static t_uint int_div_int( t_uint u1, t_uint u0, t_uint d, t_uint *r )
 {
 #if defined(POLARSSL_HAVE_UDBL)
     t_udbl dividend, quotient;
+#else
+    const t_uint radix = 1 << biH;
+    t_uint d0, d1, q0, q1, rAX, r0, quotient;
+    t_uint u0_msw, u0_lsw;
+    int s;
 #endif
 
     /*
      * Check for overflow
      */
-    if(( 0 == d ) || ( u1 >= d ))
+    if( 0 == d || u1 >= d )
     {
-        if (r != NULL) *r = (~0);
+        if ( r != NULL ) *r = ~0;
 
-        return (~0);
+        return ( ~0 );
     }
 
 #if defined(POLARSSL_HAVE_UDBL)
@@ -1248,10 +1254,6 @@
 
     return (t_uint) quotient;
 #else
-    const t_uint radix = 1 << biH;
-    t_uint d0, d1, q0, q1, rAX, r0, quotient;
-    t_uint u0_msw, u0_lsw;
-    int s;
 
     /*
      * Algorithm D, Section 4.3.1 - The Art of Computer Programming
@@ -1265,7 +1267,7 @@
     d = d << s;
 
     u1 = u1 << s;
-    u1 |= (u0 >> (32 - s)) & ( (-s) >> 31);
+    u1 |= ( u0 >> ( 32 - s ) ) & ( -s >> 31 );
     u0 =  u0 << s;
 
     d1 = d >> biH;
@@ -1288,7 +1290,7 @@
         if ( r0 >= radix ) break;
     }
 
-    rAX = (u1 * radix) + (u0_msw - q1 * d);
+    rAX = ( u1 * radix ) + ( u0_msw - q1 * d );
     q0 = rAX / d1;
     r0 = rAX - q0 * d1;
 
@@ -1301,7 +1303,7 @@
     }
 
     if (r != NULL)
-        *r = (rAX * radix + u0_lsw - q0 * d) >> s;
+        *r = ( rAX * radix + u0_lsw - q0 * d ) >> s;
 
     quotient = q1 * radix + q0;
 

library/ssl_cli.c

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 39dc02e..b1cd7cb 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -191,7 +191,7 @@
     /* SHA1 + RSA signature */
     sig_alg_len += 2;
 #endif
-#if defined(POLARSSL_MD5_C)
+#if defined(POLARSSL_MD5_C) && defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES)
     /* MD5 + RSA signature */
     sig_alg_len += 2;
 #endif
@@ -209,7 +209,7 @@
     /* SHA1 + ECDSA signature */
     sig_alg_len += 2;
 #endif
-#if defined(POLARSSL_MD5_C)
+#if defined(POLARSSL_MD5_C) && defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES)
     /* MD5 + ECDSA signature */
     sig_alg_len += 2;
 #endif
@@ -243,7 +243,7 @@
     sig_alg_list[sig_alg_len++] = SSL_HASH_SHA1;
     sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
 #endif
-#if defined(POLARSSL_MD5_C)
+#if defined(POLARSSL_MD5_C) && defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES)
     sig_alg_list[sig_alg_len++] = SSL_HASH_MD5;
     sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
 #endif
@@ -265,7 +265,7 @@
     sig_alg_list[sig_alg_len++] = SSL_HASH_SHA1;
     sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
 #endif
-#if defined(POLARSSL_MD5_C)
+#if defined(POLARSSL_MD5_C) && defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES)
     sig_alg_list[sig_alg_len++] = SSL_HASH_MD5;
     sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
 #endif
@@ -2035,6 +2035,14 @@
                 SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
                 return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
             }
+
+#if !defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES)
+            if( md_alg == POLARSSL_MD_MD5 )
+            {
+                SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+                return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+            }
+#endif
         }
         else
 #endif /* POLARSSL_SSL_PROTO_TLS1_2 */

library/ssl_srv.c

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 3dc39f4..473f87d 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -492,6 +492,12 @@
      * So, just look at the HashAlgorithm part.
      */
     for( md_cur = md_list(); *md_cur != POLARSSL_MD_NONE; md_cur++ ) {
+#if !defined(POLARSSL_SSL_ENABLE_MD5_SIGNATURES)
+        /* Skip MD5 */
+        if( *md_cur == POLARSSL_MD_MD5 )
+            continue;
+#endif
+
         for( p = buf + 2; p < end; p += 2 ) {
             if( *md_cur == (int) ssl_md_alg_from_hash( p[0] ) ) {
                 ssl->handshake->sig_alg = p[0];