diff --git a/ChangeLog b/ChangeLog index ca283c849..b4ad3f7ed 100644 --- a/ChangeLog +++ b/ChangeLog @@ -90,6 +90,9 @@ Bugfix MilenkoMitrovic, #1104 * Fix mbedtls_timing_alarm(0) on Unix. * Fix use of uninitialized memory in mbedtls_timing_get_timer when reset=1. + * Fix issue in RSA key generation program programs/x509/rsa_genkey + where the failure of CTR DRBG initialization lead to freeing an + RSA context without proper initialization beforehand. Changes * Extend cert_write example program by options to set the CRT version diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index e199ad247..6bbc4902b 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -70,6 +70,7 @@ int main( void ) const char *pers = "rsa_genkey"; mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); @@ -86,8 +87,6 @@ int main( void ) mbedtls_printf( " ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE ); fflush( stdout ); - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); - if( ( ret = mbedtls_rsa_gen_key( &rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE, EXPONENT ) ) != 0 ) { diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index c41ca6937..6ceae1501 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -826,7 +826,8 @@ void mbedtls_mpi_gen_prime( int bits, int safe, int ref_ret ) TEST_ASSERT( mbedtls_mpi_is_prime( &X, rnd_std_rand, NULL ) == 0 ); if( safe ) { - mbedtls_mpi_shift_r( &X, 1 ); /* X = ( X - 1 ) / 2 */ + /* X = ( X - 1 ) / 2 */ + TEST_ASSERT( mbedtls_mpi_shift_r( &X, 1 ) == 0 ); TEST_ASSERT( mbedtls_mpi_is_prime( &X, rnd_std_rand, NULL ) == 0 ); } }
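Review bot: Nothing at the new `mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );` line near the top of `main` records that it must run before the seeding step can fail. A later tidy-up could therefore move it back beside `mbedtls_rsa_gen_key` and bring back the free of an uninitialised RSA context that the ChangeLog entry describes. A short comment above the two init calls would pin the invariant, for example `/* Initialise every context before the first failure path; cleanup frees them unconditionally. */`. The cleanup code lies outside this hunk, so it is worth confirming that every other context it releases is also initialised before the first early exit.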
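Review bot: The comment `/* X = ( X - 1 ) / 2 */` kept above the new `TEST_ASSERT( mbedtls_mpi_shift_r( &X, 1 ) == 0 );` only holds when X is odd, because a one-bit right shift computes the floor of X / 2. That is presumably always true here, since X has just passed the primality check, but the comment would be more precise as `/* X is odd, so X >> 1 == ( X - 1 ) / 2 */`. The body of `mbedtls_mpi_gen_prime` starts outside this hunk, so I cannot see whether the earlier MPI calls in it have their return values checked the same way.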