Merge branch 'fix/mpi_incorrect_assert' into 'master'

fix(mbedtls): Fix incorrect assert for H/W MPI operations Closes WIFI-5591 and IDFGH-10615 See merge request espressif/esp-idf!24737
2025-12-16 04:22:22 +00:00 · 2023-07-14 08:59:10 +08:00
parent 304870dea0 20a3fcae48
commit 56f15ab017
2 changed files with 20 additions and 4 deletions
--- a/components/mbedtls/port/bignum/esp_bignum.c
+++ b/components/mbedtls/port/bignum/esp_bignum.c
@@ -632,12 +632,23 @@ static int mpi_mult_mpi_failover_mod_mult( mbedtls_mpi *Z, const mbedtls_mpi *X,

    Z->MBEDTLS_PRIVATE(s) = X->MBEDTLS_PRIVATE(s) * Y->MBEDTLS_PRIVATE(s);
    /*
-     * If this condition fails then most likely hardware peripheral
+     * Relevant: https://github.com/espressif/esp-idf/issues/11850
+     * If the first condition fails then most likely hardware peripheral
     * has produced an incorrect result for MPI operation. This can
     * happen if data fed to the peripheral register was incorrect.
-     * Relevant: https://github.com/espressif/esp-idf/issues/8710#issuecomment-1249178698
+     *
+     * z_words is calculated as the worst-case possible size of the result
+     * MPI Z. The difference between z_words and the actual words taken by
+     * the MPI result (mpi_words(Z)) can be a maximum of 1 word.
+     * The value z_bits (actual bits taken by the MPI result) is calculated
+     * as x_bits + y_bits bits, however, in some cases, z_bits can be
+     * x_bits + y_bits - 1 bits (see example below).
+     * 0b1111 * 0b1111 = 0b11100001 -> 8 bits
+     * 0b1000 * 0b1000 = 0b01000000 -> 7 bits.
+     * The code rounds up to the nearest word size, so the maximum difference
+     * could be of only 1 word. The second condition handles this.
     */
-    assert(mpi_words(Z) == z_words);
+    assert((z_words >= mpi_words(Z)) && (z_words - mpi_words(Z) <= (size_t)1));
 cleanup:
    esp_mpi_disable_hardware_hw_op();
    return ret;