Google Git
Sign in
pigweed / third_party / github / ARMmbed / mbedtls / 75fdd0640f706bae5a8bf1f825ac4ad41c2b923c^2..75fdd0640f706bae5a8bf1f825ac4ad41c2b923c / .
commit75fdd0640f706bae5a8bf1f825ac4ad41c2b923c[log] [tgz]
authorManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Wed Jan 06 10:07:52 2021 +0100
committerGitHub <noreply@github.com>Wed Jan 06 10:07:52 2021 +0100
treee28a6a24903ee46479be3bfa9c4bda8f09e51f29
parent73d783244f261213b7a87533343cb38ae76174f4 [diff]
parent03ee3834a0c848cf0daa77c2700478ab5ff0f024 [diff]
Merge pull request #3973 from stroebeljc/development

Fixed seed variable concatenation pointer.
diff --git a/ChangeLog.d/programs-ssl-use-after-scope.txt b/ChangeLog.d/programs-ssl-use-after-scope.txt
new file mode 100644
index 0000000..64bea61
--- /dev/null
+++ b/ChangeLog.d/programs-ssl-use-after-scope.txt

@@ -0,0 +1,2 @@
+Bugfix
+   * Fix use-after-scope error in programs/ssl/ssl_client2.c and ssl_server2.c

diff --git a/ChangeLog.d/psa_close_key_memory_leak_fix.txt b/ChangeLog.d/psa_close_key_memory_leak_fix.txt
new file mode 100644
index 0000000..91ce174
--- /dev/null
+++ b/ChangeLog.d/psa_close_key_memory_leak_fix.txt

@@ -0,0 +1,3 @@
+Bugfix
+   * Fix memory leak that occured when calling psa_close_key() on a
+     wrapped key with MBEDTLS_PSA_CRYPTO_SE_C defined.

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 82b95dc..f7b9129 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -1316,7 +1316,8 @@
 static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
 {
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    if( psa_key_slot_is_external( slot ) )
+    if( psa_get_se_driver( slot->attr.lifetime, NULL, NULL ) &&
+        psa_key_slot_is_external( slot ) )
     {
         /* No key material to clean. */
     }

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index fc69061..1ddfb80 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c

@@ -2339,12 +2339,12 @@
 #endif
 
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
+    const mbedtls_ssl_srtp_profile forced_profile[] =
+                                { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
     if( opt.use_srtp == 1 )
     {
         if( opt.force_srtp_profile != 0 )
         {
-            const mbedtls_ssl_srtp_profile forced_profile[] =
-                                        { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
             ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles ( &conf, forced_profile );
         }
         else

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index ceeb224..4e11cb3 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c

@@ -3151,11 +3151,11 @@
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
+    const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
     if( opt.use_srtp == 1 )
     {
         if( opt.force_srtp_profile != 0 )
         {
-            const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
             ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, forced_profile );
         }
         else