diff --git a/wolfcrypt/src/sp_arm32.c b/wolfcrypt/src/sp_arm32.c index 11f187160..13fe73a0f 100644 --- a/wolfcrypt/src/sp_arm32.c +++ b/wolfcrypt/src/sp_arm32.c @@ -75856,15 +75856,19 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, (sp_digit)0 - (sp_digit)(c >= 0)); sp_256_norm_8(r); - sp_256_from_mp(x, 8, priv); - sp_256_from_bin(e, 8, hash, (int)hashLen); + if (sp_256_iszero_8(r) == 0) { + /* x is modified in calculation of s. */ + sp_256_from_mp(x, 8, priv); + /* s ptr == e ptr, e is modified in calculation of s. */ + sp_256_from_bin(e, 8, hash, (int)hashLen); - err = sp_256_calc_s_8(s, r, k, x, e, tmp); - } + err = sp_256_calc_s_8(s, r, k, x, e, tmp); - /* Check that signature is usable. */ - if ((err == MP_OKAY) && (sp_256_iszero_8(s) == 0)) { - break; + /* Check that signature is usable. */ + if ((err == MP_OKAY) && (sp_256_iszero_8(s) == 0)) { + break; + } + } } #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP i = 1; @@ -93466,15 +93470,19 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, (sp_digit)0 - (sp_digit)(c >= 0)); sp_384_norm_12(r); - sp_384_from_mp(x, 12, priv); - sp_384_from_bin(e, 12, hash, (int)hashLen); + if (sp_384_iszero_12(r) == 0) { + /* x is modified in calculation of s. */ + sp_384_from_mp(x, 12, priv); + /* s ptr == e ptr, e is modified in calculation of s. */ + sp_384_from_bin(e, 12, hash, (int)hashLen); - err = sp_384_calc_s_12(s, r, k, x, e, tmp); - } + err = sp_384_calc_s_12(s, r, k, x, e, tmp); - /* Check that signature is usable. */ - if ((err == MP_OKAY) && (sp_384_iszero_12(s) == 0)) { - break; + /* Check that signature is usable. */ + if ((err == MP_OKAY) && (sp_384_iszero_12(s) == 0)) { + break; + } + } } #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP i = 1; @@ -121604,19 +121612,24 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng, (sp_digit)0 - (sp_digit)(c >= 0)); sp_521_norm_17(r); - sp_521_from_mp(x, 17, priv); - sp_521_from_bin(e, 17, hash, (int)hashLen); + if (sp_521_iszero_17(r) == 0) { + /* x is modified in calculation of s. */ + sp_521_from_mp(x, 17, priv); + /* s ptr == e ptr, e is modified in calculation of s. */ + sp_521_from_bin(e, 17, hash, (int)hashLen); - if (hashLen == 66U) { - sp_521_rshift_17(e, e, 7); + /* Take 521 leftmost bits of hash. */ + if (hashLen == 66U) { + sp_521_rshift_17(e, e, 7); + } + + err = sp_521_calc_s_17(s, r, k, x, e, tmp); + + /* Check that signature is usable. */ + if ((err == MP_OKAY) && (sp_521_iszero_17(s) == 0)) { + break; + } } - - err = sp_521_calc_s_17(s, r, k, x, e, tmp); - } - - /* Check that signature is usable. */ - if ((err == MP_OKAY) && (sp_521_iszero_17(s) == 0)) { - break; } #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP i = 1; diff --git a/wolfcrypt/src/sp_arm64.c b/wolfcrypt/src/sp_arm64.c index c61a29e18..97d121d49 100644 --- a/wolfcrypt/src/sp_arm64.c +++ b/wolfcrypt/src/sp_arm64.c @@ -40604,15 +40604,19 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, (sp_digit)0 - (sp_digit)(c >= 0)); sp_256_norm_4(r); - sp_256_from_mp(x, 4, priv); - sp_256_from_bin(e, 4, hash, (int)hashLen); + if (sp_256_iszero_4(r) == 0) { + /* x is modified in calculation of s. */ + sp_256_from_mp(x, 4, priv); + /* s ptr == e ptr, e is modified in calculation of s. */ + sp_256_from_bin(e, 4, hash, (int)hashLen); - err = sp_256_calc_s_4(s, r, k, x, e, tmp); - } + err = sp_256_calc_s_4(s, r, k, x, e, tmp); - /* Check that signature is usable. */ - if ((err == MP_OKAY) && (sp_256_iszero_4(s) == 0)) { - break; + /* Check that signature is usable. */ + if ((err == MP_OKAY) && (sp_256_iszero_4(s) == 0)) { + break; + } + } } #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP i = 1; @@ -66724,15 +66728,19 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, (sp_digit)0 - (sp_digit)(c >= 0)); sp_384_norm_6(r); - sp_384_from_mp(x, 6, priv); - sp_384_from_bin(e, 6, hash, (int)hashLen); + if (sp_384_iszero_6(r) == 0) { + /* x is modified in calculation of s. */ + sp_384_from_mp(x, 6, priv); + /* s ptr == e ptr, e is modified in calculation of s. */ + sp_384_from_bin(e, 6, hash, (int)hashLen); - err = sp_384_calc_s_6(s, r, k, x, e, tmp); - } + err = sp_384_calc_s_6(s, r, k, x, e, tmp); - /* Check that signature is usable. */ - if ((err == MP_OKAY) && (sp_384_iszero_6(s) == 0)) { - break; + /* Check that signature is usable. */ + if ((err == MP_OKAY) && (sp_384_iszero_6(s) == 0)) { + break; + } + } } #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP i = 1; @@ -111542,19 +111550,24 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng, (sp_digit)0 - (sp_digit)(c >= 0)); sp_521_norm_9(r); - sp_521_from_mp(x, 9, priv); - sp_521_from_bin(e, 9, hash, (int)hashLen); + if (sp_521_iszero_9(r) == 0) { + /* x is modified in calculation of s. */ + sp_521_from_mp(x, 9, priv); + /* s ptr == e ptr, e is modified in calculation of s. */ + sp_521_from_bin(e, 9, hash, (int)hashLen); - if (hashLen == 66U) { - sp_521_rshift_9(e, e, 7); + /* Take 521 leftmost bits of hash. */ + if (hashLen == 66U) { + sp_521_rshift_9(e, e, 7); + } + + err = sp_521_calc_s_9(s, r, k, x, e, tmp); + + /* Check that signature is usable. */ + if ((err == MP_OKAY) && (sp_521_iszero_9(s) == 0)) { + break; + } } - - err = sp_521_calc_s_9(s, r, k, x, e, tmp); - } - - /* Check that signature is usable. */ - if ((err == MP_OKAY) && (sp_521_iszero_9(s) == 0)) { - break; } #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP i = 1; diff --git a/wolfcrypt/src/sp_armthumb.c b/wolfcrypt/src/sp_armthumb.c index ad9f4f4af..6395b7845 100644 --- a/wolfcrypt/src/sp_armthumb.c +++ b/wolfcrypt/src/sp_armthumb.c @@ -105816,15 +105816,19 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, (sp_digit)0 - (sp_digit)(c >= 0)); sp_256_norm_8(r); - sp_256_from_mp(x, 8, priv); - sp_256_from_bin(e, 8, hash, (int)hashLen); + if (sp_256_iszero_8(r) == 0) { + /* x is modified in calculation of s. */ + sp_256_from_mp(x, 8, priv); + /* s ptr == e ptr, e is modified in calculation of s. */ + sp_256_from_bin(e, 8, hash, (int)hashLen); - err = sp_256_calc_s_8(s, r, k, x, e, tmp); - } + err = sp_256_calc_s_8(s, r, k, x, e, tmp); - /* Check that signature is usable. */ - if ((err == MP_OKAY) && (sp_256_iszero_8(s) == 0)) { - break; + /* Check that signature is usable. */ + if ((err == MP_OKAY) && (sp_256_iszero_8(s) == 0)) { + break; + } + } } #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP i = 1; @@ -116585,15 +116589,19 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, (sp_digit)0 - (sp_digit)(c >= 0)); sp_384_norm_12(r); - sp_384_from_mp(x, 12, priv); - sp_384_from_bin(e, 12, hash, (int)hashLen); + if (sp_384_iszero_12(r) == 0) { + /* x is modified in calculation of s. */ + sp_384_from_mp(x, 12, priv); + /* s ptr == e ptr, e is modified in calculation of s. */ + sp_384_from_bin(e, 12, hash, (int)hashLen); - err = sp_384_calc_s_12(s, r, k, x, e, tmp); - } + err = sp_384_calc_s_12(s, r, k, x, e, tmp); - /* Check that signature is usable. */ - if ((err == MP_OKAY) && (sp_384_iszero_12(s) == 0)) { - break; + /* Check that signature is usable. */ + if ((err == MP_OKAY) && (sp_384_iszero_12(s) == 0)) { + break; + } + } } #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP i = 1; @@ -132784,19 +132792,24 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng, (sp_digit)0 - (sp_digit)(c >= 0)); sp_521_norm_17(r); - sp_521_from_mp(x, 17, priv); - sp_521_from_bin(e, 17, hash, (int)hashLen); + if (sp_521_iszero_17(r) == 0) { + /* x is modified in calculation of s. */ + sp_521_from_mp(x, 17, priv); + /* s ptr == e ptr, e is modified in calculation of s. */ + sp_521_from_bin(e, 17, hash, (int)hashLen); - if (hashLen == 66U) { - sp_521_rshift_17(e, e, 7); + /* Take 521 leftmost bits of hash. */ + if (hashLen == 66U) { + sp_521_rshift_17(e, e, 7); + } + + err = sp_521_calc_s_17(s, r, k, x, e, tmp); + + /* Check that signature is usable. */ + if ((err == MP_OKAY) && (sp_521_iszero_17(s) == 0)) { + break; + } } - - err = sp_521_calc_s_17(s, r, k, x, e, tmp); - } - - /* Check that signature is usable. */ - if ((err == MP_OKAY) && (sp_521_iszero_17(s) == 0)) { - break; } #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP i = 1; diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c index 5baa62eee..74b050105 100644 --- a/wolfcrypt/src/sp_c32.c +++ b/wolfcrypt/src/sp_c32.c @@ -25796,15 +25796,19 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, (sp_digit)0 - (sp_digit)(c >= 0)); sp_256_norm_9(r); - sp_256_from_mp(x, 9, priv); - sp_256_from_bin(e, 9, hash, (int)hashLen); + if (sp_256_iszero_9(r) == 0) { + /* x is modified in calculation of s. */ + sp_256_from_mp(x, 9, priv); + /* s ptr == e ptr, e is modified in calculation of s. */ + sp_256_from_bin(e, 9, hash, (int)hashLen); - err = sp_256_calc_s_9(s, r, k, x, e, tmp); - } + err = sp_256_calc_s_9(s, r, k, x, e, tmp); - /* Check that signature is usable. */ - if ((err == MP_OKAY) && (sp_256_iszero_9(s) == 0)) { - break; + /* Check that signature is usable. */ + if ((err == MP_OKAY) && (sp_256_iszero_9(s) == 0)) { + break; + } + } } #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP i = 1; @@ -33873,15 +33877,19 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, (sp_digit)0 - (sp_digit)(c >= 0)); sp_384_norm_15(r); - sp_384_from_mp(x, 15, priv); - sp_384_from_bin(e, 15, hash, (int)hashLen); + if (sp_384_iszero_15(r) == 0) { + /* x is modified in calculation of s. */ + sp_384_from_mp(x, 15, priv); + /* s ptr == e ptr, e is modified in calculation of s. */ + sp_384_from_bin(e, 15, hash, (int)hashLen); - err = sp_384_calc_s_15(s, r, k, x, e, tmp); - } + err = sp_384_calc_s_15(s, r, k, x, e, tmp); - /* Check that signature is usable. */ - if ((err == MP_OKAY) && (sp_384_iszero_15(s) == 0)) { - break; + /* Check that signature is usable. */ + if ((err == MP_OKAY) && (sp_384_iszero_15(s) == 0)) { + break; + } + } } #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP i = 1; @@ -42024,20 +42032,25 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng, (sp_digit)0 - (sp_digit)(c >= 0)); sp_521_norm_21(r); - sp_521_from_mp(x, 21, priv); - sp_521_from_bin(e, 21, hash, (int)hashLen); + if (sp_521_iszero_21(r) == 0) { + /* x is modified in calculation of s. */ + sp_521_from_mp(x, 21, priv); + /* s ptr == e ptr, e is modified in calculation of s. */ + sp_521_from_bin(e, 21, hash, (int)hashLen); - if (hashLen == 66U) { - sp_521_rshift_21(e, e, 7); - e[20] |= ((sp_digit)hash[0]) << 13; + /* Take 521 leftmost bits of hash. */ + if (hashLen == 66U) { + sp_521_rshift_21(e, e, 7); + e[20] |= ((sp_digit)hash[0]) << 13; + } + + err = sp_521_calc_s_21(s, r, k, x, e, tmp); + + /* Check that signature is usable. */ + if ((err == MP_OKAY) && (sp_521_iszero_21(s) == 0)) { + break; + } } - - err = sp_521_calc_s_21(s, r, k, x, e, tmp); - } - - /* Check that signature is usable. */ - if ((err == MP_OKAY) && (sp_521_iszero_21(s) == 0)) { - break; } #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP i = 1; diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c index bd3b62260..21f265395 100644 --- a/wolfcrypt/src/sp_c64.c +++ b/wolfcrypt/src/sp_c64.c @@ -26689,15 +26689,19 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, (sp_digit)0 - (sp_digit)(c >= 0)); sp_256_norm_5(r); - sp_256_from_mp(x, 5, priv); - sp_256_from_bin(e, 5, hash, (int)hashLen); + if (sp_256_iszero_5(r) == 0) { + /* x is modified in calculation of s. */ + sp_256_from_mp(x, 5, priv); + /* s ptr == e ptr, e is modified in calculation of s. */ + sp_256_from_bin(e, 5, hash, (int)hashLen); - err = sp_256_calc_s_5(s, r, k, x, e, tmp); - } + err = sp_256_calc_s_5(s, r, k, x, e, tmp); - /* Check that signature is usable. */ - if ((err == MP_OKAY) && (sp_256_iszero_5(s) == 0)) { - break; + /* Check that signature is usable. */ + if ((err == MP_OKAY) && (sp_256_iszero_5(s) == 0)) { + break; + } + } } #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP i = 1; @@ -34157,15 +34161,19 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, (sp_digit)0 - (sp_digit)(c >= 0)); sp_384_norm_7(r); - sp_384_from_mp(x, 7, priv); - sp_384_from_bin(e, 7, hash, (int)hashLen); + if (sp_384_iszero_7(r) == 0) { + /* x is modified in calculation of s. */ + sp_384_from_mp(x, 7, priv); + /* s ptr == e ptr, e is modified in calculation of s. */ + sp_384_from_bin(e, 7, hash, (int)hashLen); - err = sp_384_calc_s_7(s, r, k, x, e, tmp); - } + err = sp_384_calc_s_7(s, r, k, x, e, tmp); - /* Check that signature is usable. */ - if ((err == MP_OKAY) && (sp_384_iszero_7(s) == 0)) { - break; + /* Check that signature is usable. */ + if ((err == MP_OKAY) && (sp_384_iszero_7(s) == 0)) { + break; + } + } } #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP i = 1; @@ -41622,20 +41630,25 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng, (sp_digit)0 - (sp_digit)(c >= 0)); sp_521_norm_9(r); - sp_521_from_mp(x, 9, priv); - sp_521_from_bin(e, 9, hash, (int)hashLen); + if (sp_521_iszero_9(r) == 0) { + /* x is modified in calculation of s. */ + sp_521_from_mp(x, 9, priv); + /* s ptr == e ptr, e is modified in calculation of s. */ + sp_521_from_bin(e, 9, hash, (int)hashLen); - if (hashLen == 66U) { - sp_521_rshift_9(e, e, 7); - e[8] |= ((sp_digit)hash[0]) << 49; + /* Take 521 leftmost bits of hash. */ + if (hashLen == 66U) { + sp_521_rshift_9(e, e, 7); + e[8] |= ((sp_digit)hash[0]) << 49; + } + + err = sp_521_calc_s_9(s, r, k, x, e, tmp); + + /* Check that signature is usable. */ + if ((err == MP_OKAY) && (sp_521_iszero_9(s) == 0)) { + break; + } } - - err = sp_521_calc_s_9(s, r, k, x, e, tmp); - } - - /* Check that signature is usable. */ - if ((err == MP_OKAY) && (sp_521_iszero_9(s) == 0)) { - break; } #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP i = 1; diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c index 9f4007a7f..99c6cc641 100644 --- a/wolfcrypt/src/sp_cortexm.c +++ b/wolfcrypt/src/sp_cortexm.c @@ -23710,15 +23710,19 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, (sp_digit)0 - (sp_digit)(c >= 0)); sp_256_norm_8(r); - sp_256_from_mp(x, 8, priv); - sp_256_from_bin(e, 8, hash, (int)hashLen); + if (sp_256_iszero_8(r) == 0) { + /* x is modified in calculation of s. */ + sp_256_from_mp(x, 8, priv); + /* s ptr == e ptr, e is modified in calculation of s. */ + sp_256_from_bin(e, 8, hash, (int)hashLen); - err = sp_256_calc_s_8(s, r, k, x, e, tmp); - } + err = sp_256_calc_s_8(s, r, k, x, e, tmp); - /* Check that signature is usable. */ - if ((err == MP_OKAY) && (sp_256_iszero_8(s) == 0)) { - break; + /* Check that signature is usable. */ + if ((err == MP_OKAY) && (sp_256_iszero_8(s) == 0)) { + break; + } + } } #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP i = 1; @@ -31035,15 +31039,19 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, (sp_digit)0 - (sp_digit)(c >= 0)); sp_384_norm_12(r); - sp_384_from_mp(x, 12, priv); - sp_384_from_bin(e, 12, hash, (int)hashLen); + if (sp_384_iszero_12(r) == 0) { + /* x is modified in calculation of s. */ + sp_384_from_mp(x, 12, priv); + /* s ptr == e ptr, e is modified in calculation of s. */ + sp_384_from_bin(e, 12, hash, (int)hashLen); - err = sp_384_calc_s_12(s, r, k, x, e, tmp); - } + err = sp_384_calc_s_12(s, r, k, x, e, tmp); - /* Check that signature is usable. */ - if ((err == MP_OKAY) && (sp_384_iszero_12(s) == 0)) { - break; + /* Check that signature is usable. */ + if ((err == MP_OKAY) && (sp_384_iszero_12(s) == 0)) { + break; + } + } } #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP i = 1; @@ -39987,19 +39995,24 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng, (sp_digit)0 - (sp_digit)(c >= 0)); sp_521_norm_17(r); - sp_521_from_mp(x, 17, priv); - sp_521_from_bin(e, 17, hash, (int)hashLen); + if (sp_521_iszero_17(r) == 0) { + /* x is modified in calculation of s. */ + sp_521_from_mp(x, 17, priv); + /* s ptr == e ptr, e is modified in calculation of s. */ + sp_521_from_bin(e, 17, hash, (int)hashLen); - if (hashLen == 66U) { - sp_521_rshift_17(e, e, 7); + /* Take 521 leftmost bits of hash. */ + if (hashLen == 66U) { + sp_521_rshift_17(e, e, 7); + } + + err = sp_521_calc_s_17(s, r, k, x, e, tmp); + + /* Check that signature is usable. */ + if ((err == MP_OKAY) && (sp_521_iszero_17(s) == 0)) { + break; + } } - - err = sp_521_calc_s_17(s, r, k, x, e, tmp); - } - - /* Check that signature is usable. */ - if ((err == MP_OKAY) && (sp_521_iszero_17(s) == 0)) { - break; } #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP i = 1; diff --git a/wolfcrypt/src/sp_x86_64.c b/wolfcrypt/src/sp_x86_64.c index dbac03baf..d77494169 100644 --- a/wolfcrypt/src/sp_x86_64.c +++ b/wolfcrypt/src/sp_x86_64.c @@ -25767,15 +25767,19 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, (sp_digit)0 - (sp_digit)(c >= 0)); sp_256_norm_4(r); - sp_256_from_mp(x, 4, priv); - sp_256_from_bin(e, 4, hash, (int)hashLen); + if (sp_256_iszero_4(r) == 0) { + /* x is modified in calculation of s. */ + sp_256_from_mp(x, 4, priv); + /* s ptr == e ptr, e is modified in calculation of s. */ + sp_256_from_bin(e, 4, hash, (int)hashLen); - err = sp_256_calc_s_4(s, r, k, x, e, tmp); - } + err = sp_256_calc_s_4(s, r, k, x, e, tmp); - /* Check that signature is usable. */ - if ((err == MP_OKAY) && (sp_256_iszero_4(s) == 0)) { - break; + /* Check that signature is usable. */ + if ((err == MP_OKAY) && (sp_256_iszero_4(s) == 0)) { + break; + } + } } #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP i = 1; @@ -50660,15 +50664,19 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, (sp_digit)0 - (sp_digit)(c >= 0)); sp_384_norm_6(r); - sp_384_from_mp(x, 6, priv); - sp_384_from_bin(e, 6, hash, (int)hashLen); + if (sp_384_iszero_6(r) == 0) { + /* x is modified in calculation of s. */ + sp_384_from_mp(x, 6, priv); + /* s ptr == e ptr, e is modified in calculation of s. */ + sp_384_from_bin(e, 6, hash, (int)hashLen); - err = sp_384_calc_s_6(s, r, k, x, e, tmp); - } + err = sp_384_calc_s_6(s, r, k, x, e, tmp); - /* Check that signature is usable. */ - if ((err == MP_OKAY) && (sp_384_iszero_6(s) == 0)) { - break; + /* Check that signature is usable. */ + if ((err == MP_OKAY) && (sp_384_iszero_6(s) == 0)) { + break; + } + } } #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP i = 1; @@ -91792,19 +91800,24 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng, (sp_digit)0 - (sp_digit)(c >= 0)); sp_521_norm_9(r); - sp_521_from_mp(x, 9, priv); - sp_521_from_bin(e, 9, hash, (int)hashLen); + if (sp_521_iszero_9(r) == 0) { + /* x is modified in calculation of s. */ + sp_521_from_mp(x, 9, priv); + /* s ptr == e ptr, e is modified in calculation of s. */ + sp_521_from_bin(e, 9, hash, (int)hashLen); - if (hashLen == 66U) { - sp_521_rshift_9(e, e, 7); + /* Take 521 leftmost bits of hash. */ + if (hashLen == 66U) { + sp_521_rshift_9(e, e, 7); + } + + err = sp_521_calc_s_9(s, r, k, x, e, tmp); + + /* Check that signature is usable. */ + if ((err == MP_OKAY) && (sp_521_iszero_9(s) == 0)) { + break; + } } - - err = sp_521_calc_s_9(s, r, k, x, e, tmp); - } - - /* Check that signature is usable. */ - if ((err == MP_OKAY) && (sp_521_iszero_9(s) == 0)) { - break; } #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP i = 1;