Mbed-TLS/mbedtls

Memory corruption through mbedtls_mpi_sub_abs

guidovranken opened this issue · 0 comments

guidovranken commented 
#include <mbedtls/bignum.h>

#define CF_CHECK_EQ(expr, res) if ( (expr) != (res) ) { goto end; }

int main(void)
{
    mbedtls_mpi A, B, R;

    /* noret */ mbedtls_mpi_init(&A);
    /* noret */ mbedtls_mpi_init(&B);
    /* noret */ mbedtls_mpi_init(&R);

    CF_CHECK_EQ(mbedtls_mpi_read_string(&A, 10, "18446744073709551610"), 0);
    CF_CHECK_EQ(mbedtls_mpi_read_string(&B, 10, "700000000000000000000000000000000000000000000000000000000000000000000000000000"), 0);

    mbedtls_mpi_sub_abs(&R, &A, &B);

end:
    /* noret */ mbedtls_mpi_free(&A);
    /* noret */ mbedtls_mpi_free(&B);
    /* noret */ mbedtls_mpi_free(&R);
    return 0;
}