From 2efb3288a05d29abb231dcf53e04d026a4f255dc Mon Sep 17 00:00:00 2001
From: David Cermak
Date: Sat, 4 Jan 2020 17:18:46 +0100
Subject: [PATCH] mbedtls: fix hw accelerated big-num mul if operand and result overlap this issue is mainly exposed when using larger (4096) client key in TLS mutual auth, since it uses multiplications > 2048 when mbedtls_mpi_mul_mpi is used in recursion, which works only if both operands point to different location than result since mpi_mult_mpi_overlong() called mbedtls_mpi_grow() to reallocate buffers used in previous pointer arithmetics and thus corrupting it. Fixed by growing the mpi buffer before calling mpi_mult_mpi_overlong()
---
 components/mbedtls/port/esp32/esp_bignum.c | 8 +++-----
 components/mbedtls/port/esp32s2beta/esp_bignum.c | 4 +---
 2 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/components/mbedtls/port/esp32/esp_bignum.c b/components/mbedtls/port/esp32/esp_bignum.c
index 5e6fc90f32..3af4a45911 100644
--- a/components/mbedtls/port/esp32/esp_bignum.c
+++ b/components/mbedtls/port/esp32/esp_bignum.c
@@ -564,6 +564,9 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi
 return ret; } + /* Grow Z to result size early, avoid interim allocations */ + MBEDTLS_MPI_CHK( mbedtls_mpi_grow(Z, z_words) ); + /* If either factor is over 2048 bits, we can't use the standard hardware multiplier (it assumes result is double longest factor, and result is max 4096 bits.)
@@ -608,8 +611,6 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi
 start_op(RSA_MULT_START_REG); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow(Z, z_words) ); - wait_op_complete(RSA_MULT_START_REG); /* Read back the result */
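Review bot: In the esp32 `mbedtls_mpi_mul_mpi` hunk (`@@ -564,6 +564,9 @@`), the comment carried over with the moved call still gives "avoid interim allocations" as the reason, while the commit message says the early grow is required for correctness when Z overlaps an operand. I would reword it to `/* Grow Z before any pointer into X or Y is derived: Z may alias an operand, and a later mbedtls_mpi_grow() would reallocate the buffer underneath it */` so nobody moves the call back as an optimisation. Separately, `MBEDTLS_MPI_CHK` now jumps to `cleanup` from a point ahead of the hardware multiplier sequence seen in the following hunk. The label lies outside both hunks, so please confirm it only returns `ret` and does not release or reset hardware state that has not been set up yet.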
@@ -716,9 +717,6 @@ static int mpi_mult_mpi_overlong(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbe
 }; mbedtls_mpi_init(&Ztemp); - /* Grow Z to result size early, avoid interim allocations */ - mbedtls_mpi_grow(Z, z_words); - /* Get result Ztemp = Yp * X (need temporary variable Ztemp) */ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi(&Ztemp, X, &Yp) );
diff --git a/components/mbedtls/port/esp32s2beta/esp_bignum.c b/components/mbedtls/port/esp32s2beta/esp_bignum.c
index af9aec8cd0..cfaa938843 100644
--- a/components/mbedtls/port/esp32s2beta/esp_bignum.c
+++ b/components/mbedtls/port/esp32s2beta/esp_bignum.c
@@ -449,6 +449,7 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi
 return mpi_mult_mpi_failover_mod_mult(Z, X, Y, z_words); } else { /* Still too long for the hardware unit... */ + mbedtls_mpi_grow(Z, z_words); if(y_words > x_words) { return mpi_mult_mpi_overlong(Z, X, Y, y_words, z_words); } else {
@@ -573,9 +574,6 @@ static int mpi_mult_mpi_overlong(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbe
 }; mbedtls_mpi_init(&Ztemp); - /* Grow Z to result size early, avoid interim allocations */ - mbedtls_mpi_grow(Z, z_words); - /* Get result Ztemp = Yp * X (need temporary variable Ztemp) */ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi(&Ztemp, X, &Yp) );
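Review bot: In the esp32s2beta `mbedtls_mpi_mul_mpi` hunk (`@@ -449,6 +449,7 @@`), the added `mbedtls_mpi_grow(Z, z_words);` discards its return value, whereas the esp32 port wraps the same call in `MBEDTLS_MPI_CHK`. If the allocation fails, `mpi_mult_mpi_overlong` is entered with Z still at its old size, and this commit also removes the grow that function used to do itself. Whether a later call catches the failure cannot be seen from the hunk, so the error should be propagated here. Because this branch returns directly, `ret = mbedtls_mpi_grow(Z, z_words); if (ret != 0) { return ret; }` would do, assuming a local `ret` is in scope as in the esp32 version. The function starts and ends outside the hunk.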