ECP: Prevent freeing a buffer on stack
The function ecp_mod_koblitz computed the space for the result of a
multiplication optimally for that specific case, but unfortunately
the function mbedtls_mpi_mul_mpi performs a generic, suboptimal
calculation and needs one more limb for the result. Since the result's
buffer is on the stack, the best case scenario is that the program
stops.
This only happened on 64 bit platforms.
Fixes #569
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index f5afe44..db6ad3c 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -1264,7 +1264,7 @@
int ret;
size_t i;
mpi M, R;
- t_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R];
+ t_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1];
if( N->n < p_limbs )
return( 0 );
@@ -1286,7 +1286,7 @@
memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( t_uint ) );
if( shift != 0 )
MPI_CHK( mpi_shift_r( &M, shift ) );
- M.n += R.n - adjust; /* Make room for multiplication by R */
+ M.n += R.n; /* Make room for multiplication by R */
/* N = A0 */
if( mask != 0 )
@@ -1308,7 +1308,7 @@
memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( t_uint ) );
if( shift != 0 )
MPI_CHK( mpi_shift_r( &M, shift ) );
- M.n += R.n - adjust; /* Make room for multiplication by R */
+ M.n += R.n; /* Make room for multiplication by R */
/* N = A0 */
if( mask != 0 )