From 74a11a31cbaf3c1ad50b50e0068f3b9eb997211c Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 6 Apr 2022 06:27:00 +0100
Subject: [PATCH] Adjust mbedtls_mpi_mul_int() to changed signature of mpi_mul_hlp()

A previous commit has changed the signature of mpi_mul_hlp(), making the length of the output explicit. This commit adjusts mbedtls_mpi_mul_int() to this change. Along the way, we make the code simpler and more secure by not calculating the minimal limb-size of A. A previous comment indicated that this was functionally necessary because of the implementation of mpi_mul_hlp() -- if it ever was, it isn't anymore.

Signed-off-by: Hanno Becker
---
 library/bignum.c | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)

diff --git a/library/bignum.c b/library/bignum.c
index da8e8ca3c7..91ba824af6 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1525,17 +1525,9 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint
     MPI_VALIDATE_RET( X != NULL );
     MPI_VALIDATE_RET( A != NULL );
 
-    /* mpi_mul_hlp can't deal with a leading 0. */
-    size_t n = A->n;
-    while( n > 0 && A->p[n - 1] == 0 )
-        --n;
-
-    /* The general method below doesn't work if n==0 or b==0. By chance
-     * calculating the result is trivial in those cases. */
-    if( b == 0 || n == 0 )
-    {
+    /* The general method below doesn't work if b==0. */
+    if( b == 0 )
         return( mbedtls_mpi_lset( X, 0 ) );
-    }
 
     /* Calculate A*b as A + A*(b-1) to take advantage of mpi_mul_hlp */
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
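Review bot: The replacement comment `/* The general method below doesn't work if b==0. */` no longer records the two things the new code relies on: that mpi_mul_hlp() is now handed A->p with all A->n limbs, high zero limbs included, and that A->n == 0 is no longer special-cased, so mbedtls_mpi_copy() and mpi_mul_hlp() are trusted to handle an empty A (plausible from the commit message, but nothing in the hunk says so). The deleted `while( n > 0 && A->p[n - 1] == 0 )` loop was also a branch on the values of A's limbs, so dropping it is what makes the commit's "more secure" claim true; unless that intent is written down, a later "minimal size" optimisation could reintroduce the value-dependent timing. I would widen the comment to `/* Only b == 0 needs a special case. A is deliberately not trimmed to its minimal limb count: mpi_mul_hlp() accepts leading zero limbs, and trimming would make the timing depend on A's value. */`. The enclosing function mbedtls_mpi_mul_int() starts before this hunk.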
@@ -1547,9 +1539,9 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint
      * calls to calloc() in ECP code, presumably because it reuses the
      * same mpi for a while and this way the mpi is more likely to directly
      * grow to its final size. */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n + 1 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, A->n + 1 ) );
     MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );
-    mpi_mul_hlp( n, A->p, X->p, b - 1 );
+    mpi_mul_hlp( X->p, X->n, A->p, A->n, b - 1 );
 
 cleanup:
     return( ret );
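Review bot: `mpi_mul_hlp( X->p, X->n, A->p, A->n, b - 1 )` passes X->n as the destination length, and `mbedtls_mpi_grow( X, A->n + 1 )` only makes that a lower bound — the comment directly above says X is typically reused by the ECP code and already larger. The result is therefore correct only if mpi_mul_hlp() accumulates into and carries through all X->n limbs rather than exactly A->n + 1 of them, and if mbedtls_mpi_copy() leaves X's limbs above A->n zeroed; both appear to be what the earlier signature change was for, but neither contract is stated at the call site. A one-line comment before the call, such as `/* X has at least A->n + 1 limbs, usually more when reused; mpi_mul_hlp() must propagate the carry through all X->n of them. */`, would pin that down, and since `b - 1` relies on the b == 0 early return in the earlier hunk it is worth saying so too. mbedtls_mpi_mul_int() begins before this hunk.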