From afb20796524f5bb746f4e0ee7e4e92a1e90cd380 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 20 Aug 2024 10:41:55 +0100 Subject: [PATCH] Clean up initialization in _core_exp_mod() Signed-off-by: Janos Follath --- library/bignum_core.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 2e2df37bb4..4231554b84 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -765,11 +765,21 @@ static inline void exp_mod_calc_first_bit_optionally_safe(const mbedtls_mpi_uint size_t *E_bit_index) { if (E_public == MBEDTLS_MPI_IS_PUBLIC) { + /* + * Skip leading zero bits. + */ size_t E_bits = mbedtls_mpi_core_bitlen(E, E_limbs); - if (E_bits != 0) { - *E_limb_index = E_bits / biL; - *E_bit_index = E_bits % biL; + if (E_bits == 0) { + /* + * If E is 0 mbedtls_mpi_core_bitlen() returns 0. Even if that is the case, we will want + * to represent it as a single 0 bit and as such the bitlength will be 1. + */ + E_bits = 1; } + + *E_limb_index = E_bits / biL; + *E_bit_index = E_bits % biL; + #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) mbedtls_mpi_optionally_safe_codepath = MBEDTLS_MPI_IS_PUBLIC; #endif @@ -847,8 +857,8 @@ static void mbedtls_mpi_core_exp_mod_optionally_safe(mbedtls_mpi_uint *X, /* We'll process the bits of E from most significant * (limb_index=E_limbs-1, E_bit_index=biL-1) to least significant * (limb_index=0, E_bit_index=0). */ - size_t E_limb_index = E_limbs; - size_t E_bit_index = 0; + size_t E_limb_index; + size_t E_bit_index; exp_mod_calc_first_bit_optionally_safe(E, E_limbs, E_public, &E_limb_index, &E_bit_index);