From 175668a8fde97d06d2e5f7d09bc8f3533dcfd89c Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 10 Jan 2018 11:24:43 +0000
Subject: [PATCH 1/2] Address issues found by coverity

1) The MPI test for prime generation missed a return value check for a call to `mpi_shift_r`. This is neither critical nor new but should be fixed.

2) The RSA keygeneration example program contained code initializing an RSA context after a potentially failing call to CTR DRBG initialization, leaving the corresponding RSA context free call in the cleanup section orphaned. The commit fixes this by moving the initializtion of the RSA context prior to the first potentially failing call.
---
 programs/pkey/rsa_genkey.c           | 2 +-
 tests/suites/test_suite_mpi.function | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index 0270b53bc..305158b41 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c
@@ -74,6 +74,7 @@ int main( void )
     fflush( stdout );
 
     entropy_init( &entropy );
+    rsa_init( &rsa, RSA_PKCS_V15, 0 );
     if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
                                (const unsigned char *) pers,
                                strlen( pers ) ) ) != 0 )
@@ -85,7 +86,6 @@ int main( void )
     polarssl_printf( " ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE );
     fflush( stdout );
 
-    rsa_init( &rsa, RSA_PKCS_V15, 0 );
 
     if( ( ret = rsa_gen_key( &rsa, ctr_drbg_random, &ctr_drbg, KEY_SIZE,
                              EXPONENT ) ) != 0 )
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index c0fdf8e8d..ad2b32e1e 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
@@ -823,7 +823,8 @@ void mpi_gen_prime( int bits, int safe, int ref_ret )
         TEST_ASSERT( mpi_is_prime( &X, rnd_std_rand, NULL ) == 0 );
         if( safe )
         {
-            mpi_shift_r( &X, 1 ); /* X = ( X - 1 ) / 2 */
+            /* X = ( X - 1 ) / 2 */
+            TEST_ASSERT( mpi_shift_r( &X, 1 ) == 0 );
             TEST_ASSERT( mpi_is_prime( &X, rnd_std_rand, NULL ) == 0 );
         }
     }
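Review bot: The position of the added `rsa_init( &rsa, RSA_PKCS_V15, 0 );` line is now load-bearing — per the commit message the cleanup section calls the RSA free routine, so any later reorder that puts a failing call ahead of it would again free an uninitialised context — yet nothing in the code records that constraint. A comment on the added line, `/* Must precede any call that can fail and jump to the cleanup label: the RSA free in cleanup requires an initialised context. */`, would keep the invariant from being silently undone. The same question applies to `ctr_drbg` if the cleanup path frees it after a failed `ctr_drbg_init()`; that cannot be confirmed from this hunk. Note also that the ChangeLog entry in patch 2/2 names `programs/x509/rsa_genkey`, while the file touched here is `programs/pkey/rsa_genkey.c`. main() begins and ends outside both hunks.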
From 78504c7833e473642c3464da757d55883a5f195a Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 10 Jan 2018 11:25:14 +0000
Subject: [PATCH 2/2] Adapt ChangeLog

---
 ChangeLog | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index b3bab778f..854e86c85 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -45,6 +45,9 @@ Bugfix
      MilenkoMitrovic, #1104
    * Fix mbedtls_timing_alarm(0) on Unix.
    * Fix use of uninitialized memory in mbedtls_timing_get_timer when reset=1.
+   * Fix issue in RSA key generation program programs/x509/rsa_genkey
+     where the failure of CTR DRBG initialization lead to freeing an
+     RSA context without proper initialization beforehand.
 
 Changes
    * Extend cert_write example program by options to set the CRT version