Merge pull request #4143 from stevew817/fix_misconstructed_dependency
Fix a malformed define guard
diff --git a/ChangeLog.d/fix_psa_crypto_leak.txt b/ChangeLog.d/fix_psa_crypto_leak.txt
new file mode 100644
index 0000000..6f9e5fe
--- /dev/null
+++ b/ChangeLog.d/fix_psa_crypto_leak.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix a memory leak in an error case in psa_generate_derived_key_internal().
diff --git a/ChangeLog.d/getentropy.txt b/ChangeLog.d/getentropy.txt
new file mode 100644
index 0000000..460798f
--- /dev/null
+++ b/ChangeLog.d/getentropy.txt
@@ -0,0 +1,3 @@
+Changes
+ * On recent enough versions of FreeBSD and DragonFlyBSD, the entropy module
+ now uses the getrandom syscall instead of reading from /dev/urandom.
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 355bd90..7dc8708 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -470,6 +470,8 @@
sign:
#endif
#if defined(MBEDTLS_ECDSA_SIGN_ALT)
+ (void) f_rng_blind;
+ (void) p_rng_blind;
ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen,
mbedtls_hmac_drbg_random, p_rng );
#else
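Review bot: The two added `(void)` casts in the `MBEDTLS_ECDSA_SIGN_ALT` branch silence the unused-parameter warning but leave no record that the caller's blinding RNG is dropped on this path. I would add a comment above them, e.g. `/* Blinding RNG unused: the alternative sign implementation is responsible for its own side-channel countermeasures. */`, so integrators of an ALT driver know they cannot rely on `f_rng_blind` here. Whether the ALT implementation actually blinds is not visible from this hunk, and the enclosing function begins and ends outside it.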
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index 5250a7b..84b70fe 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -109,6 +109,21 @@
#endif /* SYS_getrandom */
#endif /* __linux__ || __midipix__ */
+#if defined(__FreeBSD__) || defined(__DragonFly__)
+#include <sys/param.h>
+#if (defined(__FreeBSD__) && __FreeBSD_version >= 1200000) || \
+ (defined(__DragonFly__) && __DragonFly_version >= 500700)
+#include <errno.h>
+#include <sys/random.h>
+#define HAVE_GETRANDOM
+static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
+{
+ return getrandom( buf, buflen, flags );
+}
+#endif /* (__FreeBSD__ && __FreeBSD_version >= 1200000) ||
+ (__DragonFly__ && __DragonFly_version >= 500700) */
+#endif /* __FreeBSD__ || __DragonFly__ */
+
/*
* Some BSD systems provide KERN_ARND.
* This is equivalent to reading from /dev/urandom, only it doesn't require an
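Review bot: `getrandom_wrapper()` returns `int` while `getrandom()` returns `ssize_t`, so the result is narrowed implicitly, and nothing here documents that a short count or an `EINTR` failure is passed straight through. Make the conversion explicit with `return( (int) getrandom( buf, buflen, flags ) );` and add a comment stating that the caller must treat any return other than `buflen` as a failed poll and must not consume a partially filled buffer. `<errno.h>` is included but unused in the visible lines, presumably for the caller's error handling, which lies outside the hunk. The trailing context suggests the KERN_ARND path may also be compiled on these systems, so confirm which source takes precedence when both are defined.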
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 7f12bcb..e3ba1d3 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -4535,6 +4535,7 @@
else
#endif /* MBEDTLS_CHACHAPOLY_C */
{
+ (void) tag;
return( PSA_ERROR_NOT_SUPPORTED );
}
@@ -5041,6 +5042,7 @@
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF ||
* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
{
+ (void) kdf_alg;
return( PSA_ERROR_BAD_STATE );
}
@@ -5098,7 +5100,7 @@
status = psa_allocate_buffer_to_slot( slot, bytes );
if( status != PSA_SUCCESS )
- return( status );
+ goto exit;
slot->attr.bits = (psa_key_bits_t) bits;
psa_key_attributes_t attributes = {
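Review bot: The new `goto exit` jumps forward past the initialisation of `attributes` two lines below, which is legal C but trips `-Wjump-misses-init` and leaves `attributes` indeterminate if anything after `exit:` ever reads it. Declaring `psa_key_attributes_t attributes;` with the other locals and filling it in after the allocation check avoids that. The `exit` label and its cleanup are outside the hunk; if the buffer released there holds the derived key bytes, it should be wiped with `mbedtls_platform_zeroize()` before `mbedtls_free()`.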
@@ -5525,6 +5527,9 @@
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
{
/* This can't happen unless the operation object was not initialized */
+ (void) data;
+ (void) data_length;
+ (void) kdf_alg;
return( PSA_ERROR_BAD_STATE );
}