Mbed TLS: Fix wrong MPI N in ECP Curve448 curve

In loading Curve448, MPI N is in uninitialized state and its sign flag N.s isn't initialized to 1. Following most other code, this can be fixed by invoking mbedtls_mpi_lset() on it.
ARMmbed · May 20, 2022 · 7235ec8 · 7235ec8
1 parent 1ab98de
commit 7235ec8
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/connectivity/mbedtls/source/ecp_curves.c b/connectivity/mbedtls/source/ecp_curves.c
@@ -745,6 +745,14 @@ static int ecp_use_curve448( mbedtls_ecp_group *grp )
     mbedtls_mpi_free( &grp->G.Y );
 
     /* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */
+    /* Fix wrong sign flag grp->N.s
+     *
+     * grp->N is in uninitialized state due to caller's having invoking
+     * mbedtls_ecp_group_free(grp). In uninitialized state, grp->N.s is
+     * not wanted 1 indicating positive. This can fix by re-initializing
+     * through mbedtls_mpi_lset(&grp->N, 0).
+     */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->N, 0 ) );
     MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 446, 1 ) );
     MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &Ns, 16,
                                               "8335DC163BB124B65129C96FDE933D8D723A70AADC873D6D54A7BB0D" ) );