From f3820e36f7431ffc6bf63b2848707d27ff7f00cd Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 7 Jun 2019 16:42:35 +0200
Subject: [PATCH 1/2] Fix misuse of signed ints in the HAVEGE module

Update havege.h to the new version in the crypto module.

This is technically an API break, since the type mbedtls_havege_state
is exposed in a public header. However normal applications should not
be affected.

There is no ABI break on platforms where uint32_t and int are treated
identically, which is virtually all of them.

Fix #2598
---
 ChangeLog                | 2 ++
 include/mbedtls/havege.h | 7 ++++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index bf835b65f5..189fd925bf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -58,11 +58,13 @@ Bugfix
    * Set the next sequence of the subject_alt_name to NULL when deleting
      sequence on failure. Found and fix suggested by Philippe Antoine.
      Credit to OSS-Fuzz.
+   * Fix misuse of signed arithmetic in the HAVEGE module. #2598
 
 API Changes
    * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
      and the used tls-prf.
    * Add public API for tls-prf function, according to requested enum.
+   * The HAVEGE state type now uses uint32_t elements instead of int.
 
 Changes
    * Server's RSA certificate in certs.c was SHA-1 signed. In the default
diff --git a/include/mbedtls/havege.h b/include/mbedtls/havege.h
index 4c1c86087a..749257a367 100644
--- a/include/mbedtls/havege.h
+++ b/include/mbedtls/havege.h
@@ -31,6 +31,7 @@
 #endif
 
 #include <stddef.h>
+#include <stdint.h>
 
 #define MBEDTLS_HAVEGE_COLLECT_SIZE 1024
 
@@ -43,9 +44,9 @@ extern "C" {
  */
 typedef struct mbedtls_havege_state
 {
-    int PT1, PT2, offset[2];
-    int pool[MBEDTLS_HAVEGE_COLLECT_SIZE];
-    int WALK[8192];
+    uint32_t PT1, PT2, offset[2];
+    uint32_t pool[MBEDTLS_HAVEGE_COLLECT_SIZE];
+    uint32_t WALK[8192];
 }
 mbedtls_havege_state;
 
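Review bot: The three retyped fields in `mbedtls_havege_state` (`PT1, PT2, offset[2]`, `pool`, `WALK`) carry no comment saying why they must be unsigned, so nothing in the header stops a later cleanup from switching them back to `int`. The commit title points at signed arithmetic on these words as the problem; overflow on `int` is undefined behaviour, which is a poor fit for state that feeds a random generator, though the code doing the arithmetic is not part of this patch. I would add a comment above the fields such as `/* Unsigned on purpose: the state is updated with wrapping 32-bit arithmetic; signed overflow would be undefined. */`. As a style point, the bare `8192` in `WALK[8192]` could get a named macro next to `MBEDTLS_HAVEGE_COLLECT_SIZE`, so the implementation can refer to the size by name. The struct's doc comment begins above the hunk, so I cannot tell whether it already covers any of this.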

From 06e752b2c2060235a09428d8f1c0916593c67644 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 14 Jun 2019 19:40:29 +0200
Subject: [PATCH 2/2] Update crypto submodule to a revision with the HAVEGE
 header changes

---
 crypto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto b/crypto
index 47f2de1329..b6229e304e 160000
--- a/crypto
+++ b/crypto
@@ -1 +1 @@
-Subproject commit 47f2de132936905d97a93e2ddf7f5237ab232fbe
+Subproject commit b6229e304e69e672dec653700467c696d32d19ae