Merge remote-tracking branch 'upstream-restricted/pr/442' into mbedtls-2.1-restricted
diff --git a/ChangeLog b/ChangeLog
index d9bbc0b..57f8f5f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -93,6 +93,9 @@
MilenkoMitrovic, #1104
* Fix mbedtls_timing_alarm(0) on Unix.
* Fix use of uninitialized memory in mbedtls_timing_get_timer when reset=1.
+ * Fix issue in RSA key generation program programs/x509/rsa_genkey
+ where the failure of CTR DRBG initialization lead to freeing an
+ RSA context without proper initialization beforehand.
Changes
* Extend cert_write example program by options to set the CRT version
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index ec60299..af3722c 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1949,7 +1949,7 @@
const mbedtls_ssl_ciphersuite_t *suite = NULL;
const mbedtls_cipher_info_t *cipher = NULL;
- if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
+ if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{
*olen = 0;
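Review bot: The corrected test `ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED` still carries no comment saying why the extension is suppressed, and the removed line shows how easily a look-alike constant slips in here. I would add above the `if`: `/* Only echo encrypt-then-MAC if it was negotiated, and never for SSL 3.0 */`. Presumably both macros expand to the same value, which would explain why the wrong name compiled and passed tests unnoticed. That is worth confirming, along with a check of the other `*_DISABLED` comparisons in this file for the same mix-up. The enclosing function starts and ends outside the hunk.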
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index e199ad2..6bbc490 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c
@@ -70,6 +70,7 @@
const char *pers = "rsa_genkey";
mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
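Review bot: The ChangeLog entry added for this fix names `programs/x509/rsa_genkey`, but the file patched here is `programs/pkey/rsa_genkey.c`, so the entry should be corrected to match. Moving `mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );` next to `mbedtls_ctr_drbg_init( &ctr_drbg );` does put the RSA context in a defined state before the first failure path. The hunk does not show where the entropy context is initialised. If the exit path frees it as well, its init call belongs in this same group, with a one-line comment such as `/* Initialise every context before the first goto exit so cleanup is always safe */`. The function body starts and ends outside the hunk.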
@@ -86,8 +87,6 @@
mbedtls_printf( " ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE );
fflush( stdout );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
-
if( ( ret = mbedtls_rsa_gen_key( &rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE,
EXPONENT ) ) != 0 )
{
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index c41ca69..6ceae15 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
@@ -826,7 +826,8 @@
TEST_ASSERT( mbedtls_mpi_is_prime( &X, rnd_std_rand, NULL ) == 0 );
if( safe )
{
- mbedtls_mpi_shift_r( &X, 1 ); /* X = ( X - 1 ) / 2 */
+ /* X = ( X - 1 ) / 2 */
+ TEST_ASSERT( mbedtls_mpi_shift_r( &X, 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_is_prime( &X, rnd_std_rand, NULL ) == 0 );
}
}
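Review bot: The comment `/* X = ( X - 1 ) / 2 */` above the new `TEST_ASSERT( mbedtls_mpi_shift_r( &X, 1 ) == 0 );` does not say why a right shift equals that expression. It holds only because X is odd at this point, which the preceding primality assertion presumably ensures for the sizes under test. I would word it as `/* X is an odd prime here, so X >> 1 == ( X - 1 ) / 2 */`. The test function starts outside the hunk.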