Mbed TLS: Fix wrong MPI N in ECP Curve448 curve

ccli8 · ccli8 · commit 82bdf07332c9 · 2022-05-20T17:52:04.000+08:00
In loading Curve448, MPI N is in uninitialized state and its sign flag N.s isn't initialized to 1.
Following most other code, this can be fixed by invoking mbedtls_mpi_lset() on it.
diff --git a/connectivity/mbedtls/source/ecp_curves.c b/connectivity/mbedtls/source/ecp_curves.c
@@ -745,6 +745,15 @@ static int ecp_use_curve448( mbedtls_ecp_group *grp )
     mbedtls_mpi_free( &grp->G.Y );
 
     /* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */
+    /* Fix wrong sign flag grp->N.s
+     *
+     * grp->N is in uninitialized state due to caller's having invoked
+     * mbedtls_ecp_group_free(grp) before. In uninitialized state, grp->N.s
+     * is not initialized to 1 to indicate positive. This can fix by
+     * re-initializing through mbedtls_mpi_lset(&grp->N, 0), following
+     * most other code.
+     */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->N, 0 ) );
     MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 446, 1 ) );
     MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &Ns, 16,
                                               "8335DC163BB124B65129C96FDE933D8D723A70AADC873D6D54A7BB0D" ) );
