mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-07 13:22:46 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Don't trim MPIs to minimal size in mbedtls_mpi_mul_mpi()

Browse Source 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit is contained in:
Hanno Becker 2022-04-12 10:49:53 +01:00
parent 53b3c607a0
commit 808e666eee
1 changed files with 17 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
library/bignum.c
View File

@ -1440,9 +1440,7 @@ mbedtls_mpi_uint mbedtls_mpi_core_mla( mbedtls_mpi_uint *d, size_t d_len,
int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i, j, k;
mbedtls_mpi TA, TB; mbedtls_mpi TA, TB;
int result_is_zero = 0;
MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( A != NULL ); MPI_VALIDATE_RET( A != NULL );
MPI_VALIDATE_RET( B != NULL ); MPI_VALIDATE_RET( B != NULL );
@ -1452,38 +1450,31 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
if( X == A ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) ); A = &TA; } if( X == A ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) ); A = &TA; }
if( X == B ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) ); B = &TB; } if( X == B ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) ); B = &TB; }
for( i = A->n; i > 0; i-- ) const size_t A_len = A->n, B_len = B->n;
if( A->p[i - 1] != 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, A_len + B_len ) );
break;
if( i == 0 )
result_is_zero = 1;
for( j = B->n; j > 0; j-- )
if( B->p[j - 1] != 0 )
break;
if( j == 0 )
result_is_zero = 1;
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
for( k = 0; k < j; k++ ) for( size_t k = 0; k < B_len; k++ )
{ {
/* We know that there cannot be any carry-out since we're /* We know that there cannot be any carry-out since we're
* iterating from bottom to top. */ * iterating from bottom to top. */
(void) mbedtls_mpi_core_mla( X->p + k, i + 1, (void) mbedtls_mpi_core_mla( X->p + k, A_len + 1,
A->p, i, A->p, A_len,
B->p[k] ); B->p[k] );
} }
/* If the result is 0, we don't shortcut the operation, which reduces X->s = A->s * B->s;
* but does not eliminate side channels leaking the zero-ness. We do
* need to take care to set the sign bit properly since the library does /* The library does not fully support a "negative zero". */
* not fully support an MPI object with a value of 0 and s == -1. */ if( X->s == -1 )
if( result_is_zero ) {
X->s = 1; size_t i;
else for( i = X->n; i > 0; i-- )
X->s = A->s * B->s; if( X->p[i - 1] != 0 )
break;
if( i == 0 )
X->s = 1;
}
cleanup: cleanup: