Suyu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2025-12-21 21:36:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Make entropy double-free work

Browse source 
Although the library documentation does not guarantee that calling
mbedtls_entropy_free() twice works, it's a plausible assumption and it's
natural to write code that frees an object twice. While this is uncommon for
an entropy context, which is usually a global variable, it came up in our
own unit tests (random_twice tests in test_suite_random in the
development branch).

Announce this in the same changelog entry as for RSA because it's the same
bug in the two modules.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-02-22 21:26:54 +01:00
parent 210a0168d5
commit 57f8e9116e
3 changed files with 14 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

8
ChangeLog.d/rsa-mutex.txt
View file

@ -1,8 +1,8 @@
Bugfix
* Ensure that calling mbedtls_rsa_free() twice is safe. This happens
when some Mbed TLS library functions fail. Such a double-free was
not safe when MBEDTLS_THREADING_C was enabled on platforms where
freeing a mutex twice is not safe.
* Ensure that calling mbedtls_rsa_free() or mbedtls_entropy_free()
twice is safe. This happens for RSA when some Mbed TLS library functions
fail. Such a double-free was not safe when MBEDTLS_THREADING_C was
enabled on platforms where freeing a mutex twice is not safe.
* Fix a resource leak in a bad-arguments case of mbedtls_rsa_gen_key()
when MBEDTLS_THREADING_C is enabled on platforms where initializing
a mutex allocates resources.