[BUG] rsa: crash in br_i32_decode() called from rsa_gen_key_prop()

Heinrich Schuchardt xypron.glpk at gmx.de
Mon Sep 7 17:58:14 CEST 2020


Hello Takahiro,

on the 32bit Wandboard (with i.mx6 CPU) running the lib_asn1_pkcs7 unit
test results in a crash due to an unaligned access occurring when
br_i32_decode() is called by rsa_gen_key_prop().

Please check the alignment assumptions for src when calling
br_i32_decode(). If src is only 1 byte aligned, you should call neither
be32_to_cpup() nor be16_to_cpup(), which assume 32bit and 16bit alignment.


----Running lib tests----
Running 14 lib tests
Test: lib_asn1_pkcs7
data abort
pc : [<8efb3a8e>]          lr : [<8efb3bbd>]
reloc pc : [<17845a8e>]    lr : [<17845bbd>]
sp : 8e561330  ip : 00000001     fp : 8efd9d66
r10: 8e58f040  r9 : 8e56dec0     r8 : 8e588748
r7 : 00000001  r6 : 8e58f350     r5 : 8e58f350  r4 : 8e58f350
r3 : 000000fc  r2 : 00000100     r1 : 8e58ee49  r0 : 8e58f350
Flags: nzCv  IRQs off  FIQs off  Mode SVC_32 (T)
Code: ea43 4302 e7a2 3b04 (58c8) ba00
Resetting CPU ...

resetting ...



br_i32_decode():

        return be16_to_cpup(src);
17845a84:       b29b            uxth    r3, r3
                                        w = ((uint32_t)buf[0] << 16)
17845a86:       ea43 4302       orr.w   r3, r3, r2, lsl #16
17845a8a:       e7a2            b.n     178459d2 <br_i32_decode+0x24>
                        u -= 4;
17845a8c:       3b04            subs    r3, #4
        return __arch__swab32p(x);
17845a8e:       58c8            ldr     r0, [r1, r3]  <<<<<<<<<<<<<<
17845a90:       ba00            rev     r0, r0
                        x[v ++] = br_dec32be(buf + u);
17845a92:       f845 0f04       str.w   r0, [r5, #4]!
                if (u < 4) {
17845a96:       e78f            b.n     178459b8 <br_i32_decode+0xa>
        return y ^ (-ctl & (x ^ y));


rsa_gen_key_prop():

        /* n0 inverse */
        br_i32_decode(n, &rsa_key.n[i], rsa_key.n_sz - i);
17845bac:       9910            ldr     r1, [sp, #64]   ; 0x40
        (*prop)->exp_len = sizeof(uint64_t);
17845bae:       615a            str     r2, [r3, #20]
        br_i32_decode(n, &rsa_key.n[i], rsa_key.n_sz - i);
17845bb0:       9a18            ldr     r2, [sp, #96]   ; 0x60
17845bb2:       4439            add     r1, r7
17845bb4:       1bd2            subs    r2, r2, r7
17845bb6:       4630            mov     r0, r6
17845bb8:       f7ff fef9       bl      178459ae <br_i32_decode> <<<<<<
        (*prop)->n0inv = br_i32_ninv32(n[1]);
17845bbc:       6873            ldr     r3, [r6, #4]
17845bbe:       682a            ldr     r2, [r5, #0]
        y = 2 - x;
17845bc0:       f1c3 0102       rsb     r1, r3, #2



Best regards

Heinrich
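
An added example, not part of the original message and not U-Boot's code: a byte-wise big-endian load that is valid for a source at any alignment, which is the property the report asks for. The helper names `load_be32()`, `decode_be_words()` and `decode_sample()` and the sample buffer are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Byte-wise big-endian load: only single-byte reads are issued, so p may
 * point to any address. Dereferencing a uint32_t pointer instead requires
 * 32-bit alignment on CPUs that trap unaligned word loads. */
static uint32_t load_be32(const unsigned char *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical, simplified decoder (not br_i32_decode itself): turns a
 * big-endian byte string into 32-bit words, least significant word first.
 * Returns the number of words written, or 0 if out is too small. */
static size_t decode_be_words(uint32_t *out, size_t out_words,
			      const unsigned char *src, size_t len)
{
	size_t v = 0;

	if ((len + 3) / 4 > out_words)
		return 0;
	while (len >= 4) {
		len -= 4;
		out[v++] = load_be32(src + len);
	}
	if (len > 0) {
		uint32_t w = 0;
		for (size_t i = 0; i < len; i++)
			w = (w << 8) | src[i];	/* leading partial word */
		out[v++] = w;
	}
	return v;
}

/* Constructed sample: a 6-byte value read from offset 1 of a buffer, the
 * same shape as passing &key[i] with an odd i. */
static size_t decode_sample(uint32_t out[2])
{
	static const unsigned char buf[] = { 0x00, 1, 2, 3, 4, 5, 6, 0xff };
	return decode_be_words(out, 2, buf + 1, 6);
}

int main(void)
{
	uint32_t out[2];
	decode_sample(out);
	printf("%08x %08x\n", (unsigned)out[1], (unsigned)out[0]);
	return 0;
}
```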

