From 060009518b8cd6c65f0b32ae02da831235c7ef2a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 22 Nov 2022 10:18:06 +0000 Subject: [PATCH] mpi_exp_mod: fix out of bounds access The table size was set before the configured window size bound was applied which lead to out of bounds access when the configured window size bound is less. Signed-off-by: Janos Follath --- library/bignum.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/bignum.c b/library/bignum.c index 53d16495b..618da377f 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2005,13 +2005,14 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, window_bitsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 : ( i > 79 ) ? 4 : ( i > 23 ) ? 3 : 1; - const size_t w_table_used_size = ( (size_t)1 << window_bitsize ) + 1; #if( MBEDTLS_MPI_WINDOW_SIZE < 6 ) if( window_bitsize > MBEDTLS_MPI_WINDOW_SIZE ) window_bitsize = MBEDTLS_MPI_WINDOW_SIZE; #endif + const size_t w_table_used_size = ( (size_t) 1 << window_bitsize ) + 1; + /* * This function is not constant-trace: its memory accesses depend on the * exponent value. To defend against timing attacks, callers (such as RSA