Hardening flag causes crash on 32-bit RISC-V systems

tnltom · February 25, 2020, 12:21pm

When Mbed TLS is compiled for 32-bit RISC-V Linux, the mbedtls_entropy_gather() function can cause an abort when using the GCC -ftrapv hardening flag.

The mbedtls_entropy_gather() function falls through to the mbedtls_timing_hardclock() function (when enabled). For the RISC-V architecture, the fallback C function that uses gettimeofday() system call is used.

In line 236 of timing.c, the time is converted to microseconds:
gettimeofday( &tv_cur, NULL );
return( ( tv_cur.tv_sec - tv_init.tv_sec ) * 1000000
+ ( tv_cur.tv_usec - tv_init.tv_usec ) );

When compiled for 32-bit RISC-V Linux, the time_t type is a 32-bit signed integer. The multiplication of ( tv_cur.tv_sec - tv_init.tv_sec ) * 1000000 will cause a signed integer overflow and hence an abort.
When making the constant unsigned (e.g. 1000000U), GCC will see the multiplication as unsigned multiplication and hence not trap. The overflow itself is by design according to the API Documentation.

roneld01 · February 25, 2020, 12:30pm

Thank you @tnltom for raising this issue!

I have created this ticket on your behalf for better tracking this.

I believe this crash would happen in other calls that use gettimeofday() as well, not only the weak timing entropy source

Regards,
Mbed TLS Support
Ron

Topic		Replies	Views
MbedTLS issue when using with with HTTPs server (RSA certificates, buffer overflow, MAGIC1 corruption) Mbed TLS mbed_tls	1	684	September 22, 2021
Entropy initialization crash Mbed TLS	0	294	July 18, 2022
HardFault on STM32F103 Platform specific questions	2	1718	June 20, 2018
Fatal error when trying to communicate over TLS Bugs mbed_tls , mbed_os	0	930	April 21, 2021
MbedTLS handshake failure during write client key exchange (client state 8) Mbed OS	0	531	January 20, 2022

Hardening flag causes crash on 32-bit RISC-V systems

Related topics