From a7a495f7962749df788c56d76c941190bc0e99b2 Mon Sep 17 00:00:00 2001 From: Marius Vikhammer Date: Tue, 20 Jul 2021 18:59:24 +0800 Subject: [PATCH] aes: fix potential unaligned access of buffers https://github.com/espressif/esp-idf/issues/7236 --- components/mbedtls/port/esp32s2/aes.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/components/mbedtls/port/esp32s2/aes.c b/components/mbedtls/port/esp32s2/aes.c index ed367a494d..62b0071bb6 100644 --- a/components/mbedtls/port/esp32s2/aes.c +++ b/components/mbedtls/port/esp32s2/aes.c @@ -161,12 +161,14 @@ int esp_aes_setkey( esp_aes_context *ctx, const unsigned char *key, static void esp_aes_setkey_hardware( esp_aes_context *ctx, int crypt_mode) { const uint32_t MODE_DECRYPT_BIT = 4; + uint32_t key_word; unsigned mode_reg_base = (crypt_mode == ESP_AES_ENCRYPT) ? 0 : MODE_DECRYPT_BIT; ctx->key_in_hardware = 0; - + /* Memcpy to avoid potential unaligned access */ for (int i = 0; i < ctx->key_bytes / 4; ++i) { - REG_WRITE(AES_KEY_BASE + i * 4, *(((uint32_t *)ctx->key) + i)); + memcpy(&key_word, ctx->key + 4 * i, 4); + REG_WRITE(AES_KEY_BASE + i * 4, key_word); ctx->key_in_hardware += 4; } @@ -199,11 +201,13 @@ static inline void esp_aes_mode_init(esp_aes_mode_t mode) */ static inline void esp_aes_set_iv(uint8_t *iv) { - uint32_t *iv_words = (uint32_t*)iv; uint32_t *reg_addr_buf = (uint32_t *)(AES_IV_BASE); + uint32_t iv_word; for (int i = 0; i