Merged support for ECDH-RSA / ECDH-ECDSA key exchanges and ciphersuites
diff --git a/ChangeLog b/ChangeLog
index 84115d4..b0955e7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,7 @@
* Support for adhering to client ciphersuite order preference
(POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
* Support for Curve25519
+ * Support for ECDH-RSA and ECDH-ECDSA key exchanges and ciphersuites
Changes
* gen_prime() speedup
@@ -21,6 +22,8 @@
* SSL now gracefully handles missing RNG
* Missing defines / cases for RSA_PSK key exchange
* crypt_and_hash app checks MAC before final decryption
+ * Potential memory leak in ssl_ticket_keys_init()
+ * Memory leak in benchmark application
= PolarSSL 1.3.2 released on 2013-11-04
Features
diff --git a/library/cipher.c b/library/cipher.c
index f0a770a..bfb229e 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -241,13 +241,13 @@
{
int ret;
- *olen = 0;
-
if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
{
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
}
+ *olen = 0;
+
if( ctx->cipher_info->mode == POLARSSL_MODE_ECB )
{
if( ilen != cipher_get_block_size( ctx ) )
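Review bot: With the assignment moved below the guard, a call that passes a valid `olen` but a NULL `ctx` or `ctx->cipher_info` now returns `POLARSSL_ERR_CIPHER_BAD_INPUT_DATA` without writing `*olen`, whereas the old order zeroed it first. A caller that adds `*olen` to a running offset without checking the return value would then read an uninitialised length. Either keep the output defined on every path with `if( olen != NULL ) *olen = 0;` ahead of the guard, or state in the function's header comment that `*olen` is unspecified when this error is returned. The function starts and continues outside this hunk, so other early returns were not checked.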
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ce05d7a..9abc9be 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3455,17 +3455,24 @@
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
if( ( ret = ssl->f_rng( ssl->p_rng, tkeys->key_name, 16 ) ) != 0 )
+ {
+ polarssl_free( tkeys );
return( ret );
+ }
if( ( ret = ssl->f_rng( ssl->p_rng, buf, 16 ) ) != 0 ||
( ret = aes_setkey_enc( &tkeys->enc, buf, 128 ) ) != 0 ||
( ret = aes_setkey_dec( &tkeys->dec, buf, 128 ) ) != 0 )
{
- return( ret );
+ polarssl_free( tkeys );
+ return( ret );
}
if( ( ret = ssl->f_rng( ssl->p_rng, tkeys->mac_key, 16 ) ) != 0 )
+ {
+ polarssl_free( tkeys );
return( ret );
+ }
ssl->ticket_keys = tkeys;
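Review bot: The new error exits release `tkeys` but neither they nor the success path wipe `buf`, which holds the raw 128-bit ticket encryption key passed to `aes_setkey_enc` / `aes_setkey_dec`. On the second and third exits `tkeys` may also already contain an expanded key schedule when it is freed. Clear `buf` on every path and clear `*tkeys` before `polarssl_free( tkeys )`, using a wipe the compiler cannot elide (a plain `memset` before free or return may be optimised away). The three identical `polarssl_free( tkeys ); return( ret );` exits could then share one cleanup label so the wipe is written once. The declaration of `buf` and the start and end of the function are outside this hunk, so its being a stack local is inferred.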
@@ -3823,7 +3830,7 @@
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
{
- if( mfl_code >= sizeof( mfl_code_to_length ) ||
+ if( mfl_code >= SSL_MAX_FRAG_LEN_INVALID ||
mfl_code_to_length[mfl_code] > SSL_MAX_CONTENT_LEN )
{
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
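Review bot: The bound on `mfl_code` is now correct only as long as `mfl_code_to_length` has exactly `SSL_MAX_FRAG_LEN_INVALID` entries, and nothing visible in this hunk ties the two together. The replaced `sizeof( mfl_code_to_length )` counted bytes rather than elements, so it allowed reads past the end of the table. To stop the same class of bug returning when the table is edited, give the array `SSL_MAX_FRAG_LEN_INVALID` as its explicit dimension. Alternatively, derive the bound from the table itself with `mfl_code >= sizeof( mfl_code_to_length ) / sizeof( mfl_code_to_length[0] )`. The table declaration and the rest of `ssl_set_max_frag_len` are outside this hunk, so it may already be sized that way.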
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 34219c5..f91a2d4 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -298,6 +298,8 @@
TIME_AND_TSC( title,
gcm_crypt_and_tag( &gcm, GCM_ENCRYPT, BUFSIZE, tmp,
12, NULL, 0, buf, buf, 16, tmp ) );
+
+ gcm_free( &gcm );
}
}
#endif