From 2717e5b62e45d57034eea5e04ced21b5f695ee63 Mon Sep 17 00:00:00 2001
From: "harshal.patil" <harshal.patil@espressif.com>
Date: Tue, 11 Feb 2025 10:52:49 +0530
Subject: [PATCH] fix(mbedtls/sha): Fix some local variable's types to avoid
 any substraction overflow error

- Though such a case would not occur given the way it is used the driver layer
---
 components/mbedtls/port/sha/core/esp_sha1.c           |  8 ++++----
 components/mbedtls/port/sha/core/esp_sha256.c         |  9 +++++----
 components/mbedtls/port/sha/core/esp_sha512.c         | 11 ++++++-----
 .../mbedtls/port/sha/core/include/esp_sha_internal.h  |  2 ++
 4 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/components/mbedtls/port/sha/core/esp_sha1.c b/components/mbedtls/port/sha/core/esp_sha1.c
index c54b9039b5..43529a9317 100644
--- a/components/mbedtls/port/sha/core/esp_sha1.c
+++ b/components/mbedtls/port/sha/core/esp_sha1.c
@@ -135,8 +135,8 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, const unsigned cha
 
 int mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen )
 {
-    size_t fill;
-    uint32_t left, len, local_len = 0;
+    size_t fill, left, len;
+    uint32_t local_len = 0;
 
     if ( !ilen || (input == NULL)) {
         return 0;
@@ -160,7 +160,7 @@ int mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input,
         local_len = 64;
     }
 
-    len = (ilen / 64) * 64;
+    len = SHA_ALIGN_DOWN(ilen , 64);
 
     if ( len || local_len) {
 
@@ -184,7 +184,7 @@ int mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input,
             }
 
             uint32_t length_processed = 0;
-            while ( len - length_processed > 0 ) {
+            while ( len - length_processed != 0 ) {
                 esp_internal_sha1_block_process(ctx, input + length_processed);
                 length_processed += 64;
             }
diff --git a/components/mbedtls/port/sha/core/esp_sha256.c b/components/mbedtls/port/sha/core/esp_sha256.c
index 206ff5ad9c..f744ae459b 100644
--- a/components/mbedtls/port/sha/core/esp_sha256.c
+++ b/components/mbedtls/port/sha/core/esp_sha256.c
@@ -152,8 +152,8 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, const unsigned
 int mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
                                size_t ilen )
 {
-    size_t fill;
-    uint32_t left, len, local_len = 0;
+    size_t fill, left, len;
+    uint32_t local_len = 0;
 
     if ( ilen == 0 ) {
         return 0;
@@ -179,7 +179,8 @@ int mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *inp
         local_len = 64;
     }
 
-    len = (ilen / 64) * 64;
+    len = SHA_ALIGN_DOWN(ilen , 64);
+
     if ( len || local_len) {
 
         esp_sha_acquire_hardware();
@@ -202,7 +203,7 @@ int mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *inp
             }
 
             uint32_t length_processed = 0;
-            while ( len - length_processed > 0 ) {
+            while ( len - length_processed != 0 ) {
                 esp_internal_sha256_block_process(ctx, input + length_processed);
                 length_processed += 64;
             }
diff --git a/components/mbedtls/port/sha/core/esp_sha512.c b/components/mbedtls/port/sha/core/esp_sha512.c
index 63f35e3025..5e77391536 100644
--- a/components/mbedtls/port/sha/core/esp_sha512.c
+++ b/components/mbedtls/port/sha/core/esp_sha512.c
@@ -190,14 +190,14 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, const unsigned
 int mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input,
                                size_t ilen )
 {
-    size_t fill;
-    unsigned int left, len, local_len = 0;
+    size_t fill, left, len;
+    uint32_t local_len = 0;
 
     if ( ilen == 0 ) {
         return 0;
     }
 
-    left = (unsigned int) (ctx->total[0] & 0x7F);
+    left = (size_t) (ctx->total[0] & 0x7F);
     fill = 128 - left;
 
     ctx->total[0] += (uint64_t) ilen;
@@ -215,7 +215,8 @@ int mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *inp
         local_len = 128;
     }
 
-    len = (ilen / 128) * 128;
+    len = SHA_ALIGN_DOWN(ilen , 128);
+
     if ( len || local_len) {
 
         esp_sha_acquire_hardware();
@@ -243,7 +244,7 @@ int mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *inp
             }
 
             uint32_t length_processed = 0;
-            while ( len - length_processed > 0 ) {
+            while ( len - length_processed != 0 ) {
                 esp_internal_sha512_block_process(ctx, input + length_processed);
                 length_processed += 128;
             }
diff --git a/components/mbedtls/port/sha/core/include/esp_sha_internal.h b/components/mbedtls/port/sha/core/include/esp_sha_internal.h
index 34374d5b1f..55e667774e 100644
--- a/components/mbedtls/port/sha/core/include/esp_sha_internal.h
+++ b/components/mbedtls/port/sha/core/include/esp_sha_internal.h
@@ -37,6 +37,8 @@ extern "C" {
 #endif
 #endif /* SOC_SHA_SUPPORT_DMA */
 
+#define SHA_ALIGN_DOWN(num, align)  ((num) & ~((align) - 1))
+
 typedef enum {
     SHA_BLOCK_MODE,
 #if SOC_SHA_SUPPORT_DMA