forked from espressif/esp-idf
mbedtls: fix hw accelerated big-num mul if operand and result overlap
this issue is mainly exposed when using larger (4096) client key in TLS mutual auth, since it uses multiplications > 2048 when mbedtls_mpi_mul_mpi is used in recursion, which works only if both operands point to different location than result since mpi_mult_mpi_overlong() called mbedtls_mpi_grow() to reallocate buffers used in previous pointer arithmetics and thus corrupting it. Fixed by growing the mpi buffer before calling mpi_mult_mpi_overlong()
This commit is contained in:
David Cermak
@@ -513,6 +513,8 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi
|
|||||||
/* Result Z has to have room for double the larger factor */
|
/* Result Z has to have room for double the larger factor */
|
||||||
words_z = words_mult * 2;
|
words_z = words_mult * 2;
|
||||||
|
|
||||||
|
/* Grow Z to result size early, avoid interim allocations */
|
||||||
|
mbedtls_mpi_grow(Z, words_z);
|
||||||
|
|
||||||
/* If either factor is over 2048 bits, we can't use the standard hardware multiplier
|
/* If either factor is over 2048 bits, we can't use the standard hardware multiplier
|
||||||
(it assumes result is double longest factor, and result is max 4096 bits.)
|
(it assumes result is double longest factor, and result is max 4096 bits.)
|
||||||
@@ -665,9 +667,6 @@ static int mpi_mult_mpi_overlong(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbe
|
|||||||
};
|
};
|
||||||
mbedtls_mpi_init(&Ztemp);
|
mbedtls_mpi_init(&Ztemp);
|
||||||
|
|
||||||
/* Grow Z to result size early, avoid interim allocations */
|
|
||||||
mbedtls_mpi_grow(Z, words_result);
|
|
||||||
|
|
||||||
/* Get result Ztemp = Yp * X (need temporary variable Ztemp) */
|
/* Get result Ztemp = Yp * X (need temporary variable Ztemp) */
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi(&Ztemp, X, &Yp) );
|
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi(&Ztemp, X, &Yp) );
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user