From 9a0a48e0939e39e81027d71a1d1b0f6facc62497 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 22 Nov 2019 15:47:05 -0700 Subject: [PATCH 1/4] sanity check on "a" input to invmod --- wolfcrypt/src/tfm.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index a5c409f47..20f356de3 100644 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c @@ -1023,6 +1023,11 @@ int fp_invmod(fp_int *a, fp_int *b, fp_int *c) #endif int neg; + /* [modified] sanity check on "a" */ + if (fp_iszero(a) == FP_YES) { + return FP_VAL; /* can not divide by 0 here */ + } + /* 2. [modified] b must be odd */ if (fp_iseven (b) == FP_YES) { return fp_invmod_slow(a,b,c); From 316b8b0b4d6889382d08513f9df8b6fa51863328 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 25 Nov 2019 10:47:08 -0700 Subject: [PATCH 2/4] add early return to normal math and WOLFSSL_VALIDATE_ECC_IMPORT to enable-all and enable-fpecc builds --- configure.ac | 6 ++++++ wolfcrypt/src/integer.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 9de62ae66..f16facdfa 100644 --- a/configure.ac +++ b/configure.ac @@ -199,6 +199,9 @@ then # Enable multiple attribute additions such as DC AM_CFLAGS="-DWOLFSSL_MULTI_ATTRIB $AM_CFLAGS" + + # Enable checks on ECC keys that are imported + AM_CFLAGS="-DWOLFSSL_VALIDATE_ECC_IMPORT $AM_CFLAGS" fi @@ -1626,6 +1629,9 @@ then AC_MSG_ERROR([cannot enable fpecc without enabling ecc.]) fi AM_CFLAGS="$AM_CFLAGS -DFP_ECC" + + # Enable checks on ECC keys that are imported + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT" fi diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index 668253303..4c81c653f 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -965,7 +965,7 @@ int mp_invmod (mp_int * a, mp_int * b, mp_int * c) #endif { /* b cannot be negative */ - if (b->sign == MP_NEG || mp_iszero(b) == MP_YES) { + if (b->sign == MP_NEG || mp_iszero(b) == MP_YES || mp_iszero(a) == MP_YES) { return MP_VAL; } From 7c3a4a1975882c019d5685dd75940b15cc528a55 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 25 Nov 2019 10:57:09 -0700 Subject: [PATCH 3/4] update comment to reflect new sanity check --- wolfcrypt/src/integer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index 4c81c653f..852d291b3 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -964,7 +964,7 @@ int wolfcrypt_mp_invmod(mp_int * a, mp_int * b, mp_int * c) int mp_invmod (mp_int * a, mp_int * b, mp_int * c) #endif { - /* b cannot be negative */ + /* b cannot be negative or zero, and can not divide by 0 (1/a mod b) */ if (b->sign == MP_NEG || mp_iszero(b) == MP_YES || mp_iszero(a) == MP_YES) { return MP_VAL; } From 2efa91632e330ba8ab34ffea585b7666bb2f7b1e Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 2 Dec 2019 08:56:00 -0700 Subject: [PATCH 4/4] revert adding import check in configure.ac --- configure.ac | 6 ------ 1 file changed, 6 deletions(-) diff --git a/configure.ac b/configure.ac index f16facdfa..9de62ae66 100644 --- a/configure.ac +++ b/configure.ac @@ -199,9 +199,6 @@ then # Enable multiple attribute additions such as DC AM_CFLAGS="-DWOLFSSL_MULTI_ATTRIB $AM_CFLAGS" - - # Enable checks on ECC keys that are imported - AM_CFLAGS="-DWOLFSSL_VALIDATE_ECC_IMPORT $AM_CFLAGS" fi @@ -1629,9 +1626,6 @@ then AC_MSG_ERROR([cannot enable fpecc without enabling ecc.]) fi AM_CFLAGS="$AM_CFLAGS -DFP_ECC" - - # Enable checks on ECC keys that are imported - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT" fi