From 2f4a28af46128800f64bbd5af82598fef5c989cd Mon Sep 17 00:00:00 2001
From: Aditya Patwardhan
Date: Mon, 15 Aug 2022 00:44:13 +0530
Subject: [PATCH] esp_rsa_sign_alt: Fix esp_init_ds_data_ctx API to not modify user defined data when it is given directory from flash
---
 .../mbedtls/port/esp_ds/esp_rsa_sign_alt.c | 21 ++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c b/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c
index a6f9f0cde15..86e15b6950f 100644
--- a/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c
+++ b/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c
@@ -6,6 +6,7 @@
 #include "esp_ds.h"
 #include "rsa_sign_alt.h"
+#include "esp_memory_utils.h"
 #ifdef CONFIG_IDF_TARGET_ESP32S2
 #include "esp32s2/rom/digital_signature.h"
@@ -57,7 +58,7 @@ void esp_ds_set_session_timeout(int timeout)
 }
 }
-esp_err_t esp_ds_init_data_ctx(esp_ds_data_ctx_t *ds_data)
+esp_err_t esp_ds_init_data_ctx(esp_ds_data_ctx_t *ds_data)
 {
 if (ds_data == NULL || ds_data->esp_ds_data == NULL) {
 return ESP_ERR_INVALID_ARG;
@@ -69,8 +70,22 @@ esp_err_t esp_ds_init_data_ctx(esp_ds_data_ctx_t *ds_data)
 }
 s_ds_data = ds_data->esp_ds_data;
 s_esp_ds_hmac_key_id = (hmac_key_id_t) ds_data->efuse_key_id;
- /* calculate the rsa_length in terms of esp_digital_signature_length_t which is required for the internal DS API */
- s_ds_data->rsa_length = (ds_data->rsa_length_bits / 32) - 1;
+
+ const unsigned rsa_length_int = (ds_data->rsa_length_bits / 32) - 1;
+ if (esp_ptr_byte_accessible(s_ds_data)) {
+ /* calculate the rsa_length in terms of esp_digital_signature_length_t which is required for the internal DS API */
+ s_ds_data->rsa_length = rsa_length_int;
+ } else if (s_ds_data->rsa_length != rsa_length_int) {
+ /*
+ * Configuration data is most likely from DROM segment and it
+ * is not properly formatted for all parameters consideration.
+ * Moreover, we can not modify as it is read-only and hence
+ * the error.
+ */
+ ESP_LOGE(TAG, "RSA length mismatch %u, %u", s_ds_data->rsa_length, rsa_length_int);
+ return ESP_ERR_INVALID_ARG;
+ }
+
 return ESP_OK;
 }
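Review bot: The new mismatch branch returns `ESP_ERR_INVALID_ARG` only after `s_ds_data` and `s_esp_ds_hmac_key_id` have been overwritten by the two context lines above it, so the module statics are left pointing at the context that was just rejected. A later signing call that reads those statics would presumably run with an `rsa_length` that disagrees with `rsa_length_bits`. The safer order is to check through a local pointer and assign the statics only once the data is accepted, as sketched below. Separately, `rsa_length_int` wraps to a very large value when `rsa_length_bits` is below 32, which matters unless the lines between the NULL check and this hunk (not visible here) already range-check it. The function begins outside this hunk.

```c
    /* Validate through a local pointer; the statics keep their previous value until the check passes. */
    esp_ds_data_t *data = ds_data->esp_ds_data;
    const unsigned rsa_length_int = (ds_data->rsa_length_bits / 32) - 1;
    if (esp_ptr_byte_accessible(data)) {
        data->rsa_length = rsa_length_int;
    } else if (data->rsa_length != rsa_length_int) {
        /* … unchanged: comment explaining the read-only DROM case … */
        ESP_LOGE(TAG, "RSA length mismatch %u, %u", data->rsa_length, rsa_length_int);
        return ESP_ERR_INVALID_ARG;
    }

    /* Publish only a context that passed the length check. */
    s_ds_data = data;
    s_esp_ds_hmac_key_id = (hmac_key_id_t) ds_data->efuse_key_id;
    return ESP_OK;
```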