diff --git a/library/bignum.c b/library/bignum.c
index 1b80200cb1..7e35aa6996 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -862,12 +862,19 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
 
 if( X == B )
 {
- const mbedtls_mpi *T;
+ if( B == A )
+ {
+ // Making a temporary copy instead of shifting by one to deny
+ // the possibility of corresponding side-channel attacks.
+ mbedtls_mpi TB;
 
- if( B == A)
- return mbedtls_mpi_shift_l( X, 1 );
+ mbedtls_mpi_init( &TB );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) );
+
+ return mbedtls_mpi_add_abs( X, A, &TB );
+ }
 
- T = A; A = X; B = T;
+ B = A; A = X;
 }
 
 if( X != A )
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index 788893b356..2a709bc7bb 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
@@ -448,8 +448,17 @@ void mbedtls_mpi_add_mpi_inplace( int radix_X, char *input_X, int radix_A, char
 mbedtls_mpi X, A;
 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A );
 
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
 TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+
+ TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &X ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_int( &X, 0 ) == 0 );
+
+ TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &X ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
+
+ TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
 TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &X ) == 0 );
 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
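Review bot: The temporary `TB` created in the new `B == A` branch is never passed to `mbedtls_mpi_free()`, so every in-place doubling call (`X == A == B`) leaks its limb buffer and leaves a copy of a possibly secret operand unwiped on the heap. The `return` that ends the branch should instead store the result in `ret`, free `TB`, and then return, as sketched below. This assumes `ret` is the function's existing status variable, which the `MBEDTLS_MPI_CHK` use implies but the hunk does not show. The failure path of `MBEDTLS_MPI_CHK` jumps to a `cleanup` label outside the hunk and would also skip the free, so the sketch tests the copy result directly. The body of `mbedtls_mpi_add_abs` starts and ends outside this hunk.

```c
        if( B == A )
        {
            // … unchanged: explanatory comment and TB declaration …
            mbedtls_mpi_init( &TB );
            ret = mbedtls_mpi_copy( &TB, B );
            if( ret == 0 )
                ret = mbedtls_mpi_add_abs( X, A, &TB );

            // Release the temporary on success and on failure alike.
            mbedtls_mpi_free( &TB );
            return( ret );
        }
```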
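Review bot: The new `mbedtls_mpi_add_abs( &X, &X, &X )` check compares its result with `A` using the signed `mbedtls_mpi_cmp_mpi`, yet `A` is also the expected value for the signed `mbedtls_mpi_add_mpi` case at the end of the hunk. For a negative `input_X` an absolute-value sum would be non-negative while `A` would be negative, so the assertion would fail. The data file is not part of this diff, so whether such a row exists cannot be confirmed here. Comparing magnitudes keeps the check valid for either sign: `TEST_ASSERT( mbedtls_mpi_cmp_abs( &X, &A ) == 0 );`. The test function's body continues outside the hunk.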