From b70ba9fec788ac46cbf9d8592a29d43075e08126 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 10 Jan 2018 10:46:18 +0000 Subject: [PATCH 1/2] Address issues found by coverity 1) The MPI test for prime generation missed a return value check for a call to `mbedtls_mpi_shift_r`. This is neither critical nor new but should be fixed. 2) The RSA keygeneration example program contained code initializing an RSA context after a potentially failing call to CTR DRBG initialization, leaving the corresponding RSA context free call in the cleanup section orphaned. The commit fixes this by moving the initializtion of the RSA context prior to the first potentially failing call. --- programs/pkey/rsa_genkey.c | 3 +-- tests/suites/test_suite_mpi.function | 3 ++- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index e199ad247..6bbc4902b 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -70,6 +70,7 @@ int main( void ) const char *pers = "rsa_genkey"; mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); @@ -86,8 +87,6 @@ int main( void ) mbedtls_printf( " ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE ); fflush( stdout ); - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); - if( ( ret = mbedtls_rsa_gen_key( &rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE, EXPONENT ) ) != 0 ) { diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index c41ca6937..6ceae1501 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -826,7 +826,8 @@ void mbedtls_mpi_gen_prime( int bits, int safe, int ref_ret ) TEST_ASSERT( mbedtls_mpi_is_prime( &X, rnd_std_rand, NULL ) == 0 ); if( safe ) { - mbedtls_mpi_shift_r( &X, 1 ); /* X = ( X - 1 ) / 2 */ + /* X = ( X - 1 ) / 2 */ + TEST_ASSERT( mbedtls_mpi_shift_r( &X, 1 ) == 0 ); TEST_ASSERT( mbedtls_mpi_is_prime( &X, rnd_std_rand, NULL ) == 0 ); } } From f34f4e53c9cd5ef625a0c7b014d6e7f973feae60 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 10 Jan 2018 10:48:53 +0000 Subject: [PATCH 2/2] Adapt ChangeLog --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index c6031b418..ed7818e30 100644 --- a/ChangeLog +++ b/ChangeLog @@ -59,6 +59,9 @@ Bugfix MilenkoMitrovic, #1104 * Fix mbedtls_timing_alarm(0) on Unix. * Fix use of uninitialized memory in mbedtls_timing_get_timer when reset=1. + * Fix issue in RSA key generation program programs/x509/rsa_genkey + where the failure of CTR DRBG initialization lead to freeing an + RSA context without proper initialization beforehand. Changes * Extend cert_write example program by options to set the CRT version