Fixed segfault in mpi_shift_r(), Fixed memory leak in test_suite_mpi

(cherry picked from commit e44ec108be)

ChangeLog

@@ -10,6 +10,8 @@ Bugfix
    * Prevent reading over buffer boundaries on X509 certificate parsing
    * mpi_exp_mod() now correctly handles negative base numbers (Closes ticket
      #52)
+   * Fixed possible segfault in mpi_shift_r() (found by Manuel
+     Pégourié-Gonnard)
 
 Security
    * Fixed potential memory zeroization on miscrafted RSA key (found by Eloi

library/bignum.c

@@ -609,6 +609,9 @@ int mpi_shift_r( mpi *X, size_t count )
     v0 = count /  biL;
     v1 = count & (biL - 1);
 
+    if( v0 > X->n || ( v0 == X->n && v1 > 0 ) )
+        return mpi_lset( X, 0 );
+
     /*
      * shift by count / limb_size
      */

tests/suites/test_suite_mpi.data

@@ -300,6 +300,18 @@ mpi_shift_r:10:"128":1:10:"64"
 Test mpi_shift_r #2
 mpi_shift_r:10:"120815570979701484704906977000760567182871429114712069861589084706550626575967516787438008593490722779337547394120718248995900363209947025063336882559539208430319216688889117222633155838468458047056355241515415159736436403445579777425189969":45:10:"3433785053053426415343295076376096153094051405637175942660777670498379921354157795219578264137985649407981651226029903483433269093721578004287291678324982297860947730012217028349628999378309630601971640587504883789518896817457"
 
+Test mpi_shift_r #4
+mpi_shift_r:16:"FFFFFFFFFFFFFFFF":63:16:"01"
+
+Test mpi_shift_r #4
+mpi_shift_r:16:"FFFFFFFFFFFFFFFF":64:16:"00"
+
+Test mpi_shift_r #6
+mpi_shift_r:16:"FFFFFFFFFFFFFFFF":65:16:"00"
+
+Test mpi_shift_r #7
+mpi_shift_r:16:"FFFFFFFFFFFFFFFF":128:16:"00"
+
 Base test mpi_mul_mpi #1
 mpi_mul_mpi:10:"5":10:"7":10:"35"
 

tests/suites/test_suite_mpi.function

@@ -162,7 +162,7 @@ mpi_set_bit:radix_X:input_X:pos:val:radix_Y:output_Y
     TEST_ASSERT( mpi_set_bit( &X, {pos}, {val} ) == 0 );
     TEST_ASSERT( mpi_cmp_mpi( &X, &Y ) == 0 );
 
-    mpi_free( &X );
+    mpi_free( &X ); mpi_free( &Y );
 }
 END_CASE