From 8606788198945457b9ee6718de6719191a4878ea Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Tue, 9 Nov 2021 11:53:24 +1000 Subject: [PATCH] SP: mod_exp with exponent of 0 is invalid Don't allow exponenetiation by 0 as it is cryptographically invalid and not supported by the implementation. Also check for even modulus in mod_exp. --- wolfcrypt/src/sp_arm32.c | 440 ++++++++----- wolfcrypt/src/sp_arm64.c | 448 +++++++++----- wolfcrypt/src/sp_armthumb.c | 440 ++++++++----- wolfcrypt/src/sp_c32.c | 876 ++++++++++++++++++-------- wolfcrypt/src/sp_c64.c | 1028 +++++++++++++++++++++---------- wolfcrypt/src/sp_cortexm.c | 440 ++++++++----- wolfcrypt/src/sp_x86_64.c | 584 +++++++++++------- wolfcrypt/src/sp_x86_64_asm.S | 70 +-- wolfcrypt/src/sp_x86_64_asm.asm | 70 +-- 9 files changed, 2908 insertions(+), 1488 deletions(-) diff --git a/wolfcrypt/src/sp_arm32.c b/wolfcrypt/src/sp_arm32.c index b26a201c0..debadba77 100644 --- a/wolfcrypt/src/sp_arm32.c +++ b/wolfcrypt/src/sp_arm32.c @@ -3897,14 +3897,14 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - ca); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -3916,9 +3916,9 @@ static void sp_2048_mont_mul_32(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_sqr_32(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -4721,7 +4721,9 @@ static WC_INLINE int sp_2048_mod_32(sp_digit* r, const sp_digit* a, const sp_dig * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -4741,11 +4743,20 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 64), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 64), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -4861,7 +4872,9 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -4881,11 +4894,20 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 64), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 64), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -6006,14 +6028,14 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - ca); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -6025,9 +6047,9 @@ static void sp_2048_mont_mul_64(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_sqr_64(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -7331,7 +7353,9 @@ static WC_INLINE int sp_2048_mod_64(sp_digit* r, const sp_digit* a, const sp_dig * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -7351,11 +7375,20 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 128), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 128), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -7462,7 +7495,9 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -7482,11 +7517,20 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 128), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 128), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -8644,7 +8688,9 @@ static void sp_2048_lshift_64(sp_digit* r, sp_digit* a, byte n) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) @@ -8665,11 +8711,17 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 193, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 193, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -14518,14 +14570,14 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - ca); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -14537,9 +14589,9 @@ static void sp_3072_mont_mul_48(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_sqr_48(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -15630,7 +15682,9 @@ static WC_INLINE int sp_3072_mod_48(sp_digit* r, const sp_digit* a, const sp_dig * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -15650,11 +15704,20 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 96), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 96), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -15770,7 +15833,9 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -15790,11 +15855,20 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 96), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 96), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -17363,14 +17437,14 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - ca); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -17382,9 +17456,9 @@ static void sp_3072_mont_mul_96(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_sqr_96(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -19168,7 +19242,9 @@ static WC_INLINE int sp_3072_mod_96(sp_digit* r, const sp_digit* a, const sp_dig * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -19188,11 +19264,20 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 192), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 192), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -19299,7 +19384,9 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -19319,11 +19406,20 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 192), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 192), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -20753,7 +20849,9 @@ static void sp_3072_lshift_96(sp_digit* r, sp_digit* a, byte n) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) @@ -20774,11 +20872,17 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 289, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 289, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -25362,14 +25466,14 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - ca); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -25381,9 +25485,9 @@ static void sp_4096_mont_mul_128(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_sqr_128(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -27647,7 +27751,9 @@ static WC_INLINE int sp_4096_mod_128(sp_digit* r, const sp_digit* a, const sp_di * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -27667,11 +27773,20 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 256), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 256), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -27778,7 +27893,9 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -27798,11 +27915,20 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 256), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 256), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -29504,7 +29630,9 @@ static void sp_4096_lshift_128(sp_digit* r, sp_digit* a, byte n) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) @@ -29525,11 +29653,17 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 385, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 385, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -29704,12 +29838,12 @@ static const sp_digit p256_mod[8] = { 0xffffffff,0xffffffff,0xffffffff,0x00000000,0x00000000,0x00000000, 0x00000001,0xffffffff }; -/* The Montogmery normalizer for modulus of the curve P256. */ +/* The Montgomery normalizer for modulus of the curve P256. */ static const sp_digit p256_norm_mod[8] = { 0x00000001,0x00000000,0x00000000,0xffffffff,0xffffffff,0xffffffff, 0xfffffffe,0x00000000 }; -/* The Montogmery multiplier for modulus of the curve P256. */ +/* The Montgomery multiplier for modulus of the curve P256. */ static const sp_digit p256_mp_mod = 0x00000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) @@ -29725,14 +29859,14 @@ static const sp_digit p256_order2[8] = { 0x00000000,0xffffffff }; #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery normalizer for order of the curve P256. */ +/* The Montgomery normalizer for order of the curve P256. */ static const sp_digit p256_norm_order[8] = { 0x039cdaaf,0x0c46353d,0x58e8617b,0x43190552,0x00000000,0x00000000, 0xffffffff,0x00000000 }; #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery multiplier for order of the curve P256. */ +/* The Montgomery multiplier for order of the curve P256. */ static const sp_digit p256_mp_order = 0xee00bc4f; #endif /* The base point of curve P256. */ @@ -30896,7 +31030,7 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, } #endif /* WOLFSSL_SP_SMALL */ -/* Multiply a number by Montogmery normalizer mod modulus (prime). +/* Multiply a number by Montgomery normalizer mod modulus (prime). * * r The resulting Montgomery form number. * a The number to convert. @@ -31323,14 +31457,14 @@ static int sp_256_point_to_ecc_point_8(const sp_point_256* p, ecc_point* pm) return err; } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -31985,9 +32119,9 @@ SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, const /* Square the Montgomery form number mod the modulus (prime). (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -32502,10 +32636,10 @@ SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, const /* Square the Montgomery form number a number of times. (r = a ^ n mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * n Number of times to square. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_256_mont_sqr_n_8(sp_digit* r, const sp_digit* a, int n, const sp_digit* m, sp_digit mp) @@ -32979,8 +33113,8 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p, /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ static void sp_256_mont_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -33050,7 +33184,7 @@ static void sp_256_mont_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b, /* Double a Montgomery form number (r = a + a % m). * * r Result of doubling. - * a Number to double in Montogmery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ static void sp_256_mont_dbl_8(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -33103,7 +33237,7 @@ static void sp_256_mont_dbl_8(sp_digit* r, const sp_digit* a, const sp_digit* m) /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of Tripling. - * a Number to triple in Montogmery form. + * a Number to triple in Montgomery form. * m Modulus (prime). */ static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -33200,8 +33334,8 @@ static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a, const sp_digit* m) /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of subtration. - * a Number to subtract from in Montogmery form. - * b Number to subtract with in Montogmery form. + * a Number to subtract from in Montgomery form. + * b Number to subtract with in Montgomery form. * m Modulus (prime). */ static void sp_256_mont_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -35172,7 +35306,7 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, * km Scalar to multiply by. * p Point to multiply. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -36721,7 +36855,7 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) * * km Scalar to multiply by. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -39212,12 +39346,12 @@ static const sp_digit p384_mod[12] = { 0xffffffff,0x00000000,0x00000000,0xffffffff,0xfffffffe,0xffffffff, 0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff }; -/* The Montogmery normalizer for modulus of the curve P384. */ +/* The Montgomery normalizer for modulus of the curve P384. */ static const sp_digit p384_norm_mod[12] = { 0x00000001,0xffffffff,0xffffffff,0x00000000,0x00000001,0x00000000, 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000 }; -/* The Montogmery multiplier for modulus of the curve P384. */ +/* The Montgomery multiplier for modulus of the curve P384. */ static sp_digit p384_mp_mod = 0x00000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) @@ -39233,14 +39367,14 @@ static const sp_digit p384_order2[12] = { 0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff }; #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery normalizer for order of the curve P384. */ +/* The Montgomery normalizer for order of the curve P384. */ static const sp_digit p384_norm_order[12] = { 0x333ad68d,0x1313e695,0xb74f5885,0xa7e5f24d,0x0bc8d220,0x389cb27e, 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000 }; #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery multiplier for order of the curve P384. */ +/* The Montgomery multiplier for order of the curve P384. */ static sp_digit p384_mp_order = 0xe88fdc45; #endif /* The base point of curve P384. */ @@ -41329,7 +41463,7 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, } #endif /* WOLFSSL_SP_SMALL */ -/* Multiply a number by Montogmery normalizer mod modulus (prime). +/* Multiply a number by Montgomery normalizer mod modulus (prime). * * r The resulting Montgomery form number. * a The number to convert. @@ -41873,14 +42007,14 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - ca); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -41892,9 +42026,9 @@ static void sp_384_mont_mul_12(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_sqr_12(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -41907,10 +42041,10 @@ static void sp_384_mont_sqr_12(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number a number of times. (r = a ^ n mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * n Number of times to square. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_sqr_n_12(sp_digit* r, const sp_digit* a, int n, const sp_digit* m, sp_digit mp) @@ -42250,8 +42384,8 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p, /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ static void sp_384_mont_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -42266,7 +42400,7 @@ static void sp_384_mont_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b /* Double a Montgomery form number (r = a + a % m). * * r Result of doubling. - * a Number to double in Montogmery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ static void sp_384_mont_dbl_12(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -42280,7 +42414,7 @@ static void sp_384_mont_dbl_12(sp_digit* r, const sp_digit* a, const sp_digit* m /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of Tripling. - * a Number to triple in Montogmery form. + * a Number to triple in Montgomery form. * m Modulus (prime). */ static void sp_384_mont_tpl_12(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -42402,8 +42536,8 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digi /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of subtration. - * a Number to subtract from in Montogmery form. - * b Number to subtract with in Montogmery form. + * a Number to subtract from in Montgomery form. + * b Number to subtract with in Montgomery form. * m Modulus (prime). */ static void sp_384_mont_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -44377,7 +44511,7 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, * km Scalar to multiply by. * p Point to multiply. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -45926,7 +46060,7 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) * * km Scalar to multiply by. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -52048,7 +52182,7 @@ static const sp_digit p1024_mod[32] = { 0xb3e01a2e,0xbe9ae358,0x9cb48261,0x416c0ce1,0xdad0657a,0x65c61198, 0x0a563fda,0x997abb1f }; -/* The Montogmery normalizer for modulus of the curve P1024. */ +/* The Montgomery normalizer for modulus of the curve P1024. */ static const sp_digit p1024_norm_mod[32] = { 0x0157a015,0x99927f85,0x53853178,0x7f3a20ef,0x767a824f,0x031c17dc, 0xa968e0e0,0x606b2950,0xe3c3f655,0x5830c3ad,0xce7ad57d,0x49500b57, @@ -52057,7 +52191,7 @@ static const sp_digit p1024_norm_mod[32] = { 0x4c1fe5d1,0x41651ca7,0x634b7d9e,0xbe93f31e,0x252f9a85,0x9a39ee67, 0xf5a9c025,0x668544e0 }; -/* The Montogmery multiplier for modulus of the curve P1024. */ +/* The Montgomery multiplier for modulus of the curve P1024. */ static sp_digit p1024_mp_mod = 0x7c8f2f3d; #if defined(WOLFSSL_SP_SMALL) || defined(HAVE_ECC_CHECK_KEY) /* The order of the curve P1024. */ @@ -53234,7 +53368,7 @@ static WC_INLINE int sp_1024_mod_32(sp_digit* r, const sp_digit* a, const sp_dig return sp_1024_div_32(a, m, NULL, r); } -/* Multiply a number by Montogmery normalizer mod modulus (prime). +/* Multiply a number by Montgomery normalizer mod modulus (prime). * * r The resulting Montgomery form number. * a The number to convert. @@ -53828,14 +53962,14 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, sp_1024_cond_sub_32(a - 32, a, m, ca); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_1024_mont_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -53847,9 +53981,9 @@ static void sp_1024_mont_mul_32(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_1024_mont_sqr_32(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -53968,8 +54102,8 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p, /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ static void sp_1024_mont_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -54138,7 +54272,7 @@ static void sp_1024_mont_add_32(sp_digit* r, const sp_digit* a, const sp_digit* /* Double a Montgomery form number (r = a + a % m). * * r Result of doubling. - * a Number to double in Montogmery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ static void sp_1024_mont_dbl_32(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -54290,7 +54424,7 @@ static void sp_1024_mont_dbl_32(sp_digit* r, const sp_digit* a, const sp_digit* /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of Tripling. - * a Number to triple in Montogmery form. + * a Number to triple in Montgomery form. * m Modulus (prime). */ static void sp_1024_mont_tpl_32(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -54597,8 +54731,8 @@ static void sp_1024_mont_tpl_32(sp_digit* r, const sp_digit* a, const sp_digit* /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of subtration. - * a Number to subtract from in Montogmery form. - * b Number to subtract with in Montogmery form. + * a Number to subtract from in Montgomery form. + * b Number to subtract with in Montgomery form. * m Modulus (prime). */ static void sp_1024_mont_sub_32(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -60547,7 +60681,7 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) * * km Scalar to multiply by. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. diff --git a/wolfcrypt/src/sp_arm64.c b/wolfcrypt/src/sp_arm64.c index 46afe9185..fc1752b9d 100644 --- a/wolfcrypt/src/sp_arm64.c +++ b/wolfcrypt/src/sp_arm64.c @@ -2637,14 +2637,14 @@ SP_NOINLINE static void sp_2048_mont_reduce_16(sp_digit* a, const sp_digit* m, } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_mul_16(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -2656,9 +2656,9 @@ static void sp_2048_mont_mul_16(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_sqr_16(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -3223,7 +3223,9 @@ static WC_INLINE int sp_2048_mod_16(sp_digit* r, const sp_digit* a, const sp_dig * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -3243,11 +3245,20 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 32), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 32), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -3363,7 +3374,9 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -3383,11 +3396,20 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 32), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 32), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -3981,14 +4003,14 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -4000,9 +4022,9 @@ static void sp_2048_mont_mul_32(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_sqr_32(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -4788,7 +4810,9 @@ static WC_INLINE int sp_2048_mod_32(sp_digit* r, const sp_digit* a, const sp_dig * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -4808,11 +4832,20 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 64), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 64), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -4919,7 +4952,9 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -4939,11 +4974,20 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 64), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 64), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -5806,7 +5850,9 @@ static void sp_2048_lshift_32(sp_digit* r, sp_digit* a, byte n) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_2048_mod_exp_2_32(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) @@ -5827,11 +5873,17 @@ static int sp_2048_mod_exp_2_32(sp_digit* r, const sp_digit* e, int bits, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 97, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 97, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -10056,14 +10108,14 @@ SP_NOINLINE static void sp_3072_mont_reduce_24(sp_digit* a, const sp_digit* m, } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_mul_24(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -10075,9 +10127,9 @@ static void sp_3072_mont_mul_24(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_sqr_24(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -10794,7 +10846,9 @@ static WC_INLINE int sp_3072_mod_24(sp_digit* r, const sp_digit* a, const sp_dig * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -10814,11 +10868,20 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 48), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 48), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -10934,7 +10997,9 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -10954,11 +11019,20 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 48), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 48), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -11768,14 +11842,14 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -11787,9 +11861,9 @@ static void sp_3072_mont_mul_48(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_sqr_48(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -12783,7 +12857,9 @@ static WC_INLINE int sp_3072_mod_48(sp_digit* r, const sp_digit* a, const sp_dig * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -12803,11 +12879,20 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 96), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 96), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -12914,7 +12999,9 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -12934,11 +13021,20 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 96), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 96), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -13925,7 +14021,9 @@ static void sp_3072_lshift_48(sp_digit* r, sp_digit* a, byte n) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_3072_mod_exp_2_48(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) @@ -13946,11 +14044,17 @@ static int sp_3072_mod_exp_2_48(sp_digit* r, const sp_digit* e, int bits, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 145, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 145, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -16740,14 +16844,14 @@ SP_NOINLINE static void sp_4096_mont_reduce_64(sp_digit* a, const sp_digit* m, } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -16759,9 +16863,9 @@ static void sp_4096_mont_mul_64(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_sqr_64(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -17963,7 +18067,9 @@ static WC_INLINE int sp_4096_mod_64(sp_digit* r, const sp_digit* a, const sp_dig * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -17983,11 +18089,20 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 128), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 128), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -18094,7 +18209,9 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -18114,11 +18231,20 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 128), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 128), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -19229,7 +19355,9 @@ static void sp_4096_lshift_64(sp_digit* r, sp_digit* a, byte n) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_4096_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) @@ -19250,11 +19378,17 @@ static int sp_4096_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 193, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 193, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -19430,12 +19564,12 @@ static const sp_digit p256_mod[4] = { 0xffffffffffffffffL,0x00000000ffffffffL,0x0000000000000000L, 0xffffffff00000001L }; -/* The Montogmery normalizer for modulus of the curve P256. */ +/* The Montgomery normalizer for modulus of the curve P256. */ static const sp_digit p256_norm_mod[4] = { 0x0000000000000001L,0xffffffff00000000L,0xffffffffffffffffL, 0x00000000fffffffeL }; -/* The Montogmery multiplier for modulus of the curve P256. */ +/* The Montgomery multiplier for modulus of the curve P256. */ static const sp_digit p256_mp_mod = 0x0000000000000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) @@ -19451,14 +19585,14 @@ static const sp_digit p256_order2[4] = { 0xffffffff00000000L }; #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery normalizer for order of the curve P256. */ +/* The Montgomery normalizer for order of the curve P256. */ static const sp_digit p256_norm_order[4] = { 0x0c46353d039cdaafL,0x4319055258e8617bL,0x0000000000000000L, 0x00000000ffffffffL }; #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery multiplier for order of the curve P256. */ +/* The Montgomery multiplier for order of the curve P256. */ static const sp_digit p256_mp_order = 0xccd1c8aaee00bc4fL; #endif #ifdef WOLFSSL_SP_SMALL @@ -19798,7 +19932,7 @@ static sp_digit sp_256_sub_4(sp_digit* r, const sp_digit* a, return (sp_digit)r; } -/* Multiply a number by Montogmery normalizer mod modulus (prime). +/* Multiply a number by Montgomery normalizer mod modulus (prime). * * r The resulting Montgomery form number. * a The number to convert. @@ -20091,14 +20225,14 @@ static void sp_256_cond_copy_4(sp_digit* r, const sp_digit* a, sp_digit m) ); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ SP_NOINLINE static void sp_256_mont_mul_4(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -20285,9 +20419,9 @@ SP_NOINLINE static void sp_256_mont_mul_4(sp_digit* r, const sp_digit* a, const /* Square the Montgomery form number mod the modulus (prime). (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ SP_NOINLINE static void sp_256_mont_sqr_4(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -20438,10 +20572,10 @@ SP_NOINLINE static void sp_256_mont_sqr_4(sp_digit* r, const sp_digit* a, const /* Square the Montgomery form number a number of times. (r = a ^ n mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * n Number of times to square. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_256_mont_sqr_n_4(sp_digit* r, const sp_digit* a, int n, const sp_digit* m, sp_digit mp) @@ -20850,8 +20984,8 @@ static void sp_256_map_4(sp_point_256* r, const sp_point_256* p, /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ static void sp_256_mont_add_4(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -20885,7 +21019,7 @@ static void sp_256_mont_add_4(sp_digit* r, const sp_digit* a, const sp_digit* b, /* Double a Montgomery form number (r = a + a % m). * * r Result of doubling. - * a Number to double in Montogmery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ static void sp_256_mont_dbl_4(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -20918,7 +21052,7 @@ static void sp_256_mont_dbl_4(sp_digit* r, const sp_digit* a, const sp_digit* m) /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of Tripling. - * a Number to triple in Montogmery form. + * a Number to triple in Montgomery form. * m Modulus (prime). */ static void sp_256_mont_tpl_4(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -20964,8 +21098,8 @@ static void sp_256_mont_tpl_4(sp_digit* r, const sp_digit* a, const sp_digit* m) /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of subtration. - * a Number to subtract from in Montogmery form. - * b Number to subtract with in Montogmery form. + * a Number to subtract from in Montgomery form. + * b Number to subtract with in Montgomery form. * m Modulus (prime). */ static void sp_256_mont_sub_4(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -21231,8 +21365,8 @@ static void sp_256_proj_point_dbl_4(sp_point_256* r, const sp_point_256* p, sp_d /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of subtration. - * a Number to subtract from in Montogmery form. - * b Number to subtract with in Montogmery form. + * a Number to subtract from in Montgomery form. + * b Number to subtract with in Montgomery form. * m Modulus (prime). */ static void sp_256_mont_sub_dbl_4(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -21278,8 +21412,8 @@ static void sp_256_mont_sub_dbl_4(sp_digit* r, const sp_digit* a, const sp_digit /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of subtration. - * a Number to subtract from in Montogmery form. - * b Number to subtract with in Montogmery form. + * a Number to subtract from in Montgomery form. + * b Number to subtract with in Montgomery form. * m Modulus (prime). */ static void sp_256_mont_dbl_sub_4(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -23082,7 +23216,7 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, * km Scalar to multiply by. * p Point to multiply. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -37065,7 +37199,7 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) * * km Scalar to multiply by. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -39393,12 +39527,12 @@ static const sp_digit p384_mod[6] = { 0x00000000ffffffffL,0xffffffff00000000L,0xfffffffffffffffeL, 0xffffffffffffffffL,0xffffffffffffffffL,0xffffffffffffffffL }; -/* The Montogmery normalizer for modulus of the curve P384. */ +/* The Montgomery normalizer for modulus of the curve P384. */ static const sp_digit p384_norm_mod[6] = { 0xffffffff00000001L,0x00000000ffffffffL,0x0000000000000001L, 0x0000000000000000L,0x0000000000000000L,0x0000000000000000L }; -/* The Montogmery multiplier for modulus of the curve P384. */ +/* The Montgomery multiplier for modulus of the curve P384. */ static sp_digit p384_mp_mod = 0x0000000100000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) @@ -39414,14 +39548,14 @@ static const sp_digit p384_order2[6] = { 0xffffffffffffffffL,0xffffffffffffffffL,0xffffffffffffffffL }; #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery normalizer for order of the curve P384. */ +/* The Montgomery normalizer for order of the curve P384. */ static const sp_digit p384_norm_order[6] = { 0x1313e695333ad68dL,0xa7e5f24db74f5885L,0x389cb27e0bc8d220L, 0x0000000000000000L,0x0000000000000000L,0x0000000000000000L }; #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery multiplier for order of the curve P384. */ +/* The Montgomery multiplier for order of the curve P384. */ static sp_digit p384_mp_order = 0x6ed46089e88fdc45L; #endif #ifdef WOLFSSL_SP_SMALL @@ -40045,7 +40179,7 @@ static sp_digit sp_384_sub_6(sp_digit* r, const sp_digit* a, return (sp_digit)r; } -/* Multiply a number by Montogmery normalizer mod modulus (prime). +/* Multiply a number by Montgomery normalizer mod modulus (prime). * * r The resulting Montgomery form number. * a The number to convert. @@ -40499,14 +40633,14 @@ SP_NOINLINE static void sp_384_mont_reduce_6(sp_digit* a, const sp_digit* m, } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_mul_6(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -40518,9 +40652,9 @@ static void sp_384_mont_mul_6(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_sqr_6(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -40533,10 +40667,10 @@ static void sp_384_mont_sqr_6(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number a number of times. (r = a ^ n mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * n Number of times to square. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_sqr_n_6(sp_digit* r, const sp_digit* a, int n, const sp_digit* m, sp_digit mp) @@ -40824,8 +40958,8 @@ static void sp_384_map_6(sp_point_384* r, const sp_point_384* p, /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ static void sp_384_mont_add_6(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -40840,7 +40974,7 @@ static void sp_384_mont_add_6(sp_digit* r, const sp_digit* a, const sp_digit* b, /* Double a Montgomery form number (r = a + a % m). * * r Result of doubling. - * a Number to double in Montogmery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ static void sp_384_mont_dbl_6(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -40854,7 +40988,7 @@ static void sp_384_mont_dbl_6(sp_digit* r, const sp_digit* a, const sp_digit* m) /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of Tripling. - * a Number to triple in Montogmery form. + * a Number to triple in Montgomery form. * m Modulus (prime). */ static void sp_384_mont_tpl_6(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -40937,8 +41071,8 @@ static sp_digit sp_384_cond_add_6(sp_digit* r, const sp_digit* a, const sp_digit /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of subtration. - * a Number to subtract from in Montogmery form. - * b Number to subtract with in Montogmery form. + * a Number to subtract from in Montgomery form. + * b Number to subtract with in Montgomery form. * m Modulus (prime). */ static void sp_384_mont_sub_6(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -42979,7 +43113,7 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, * km Scalar to multiply by. * p Point to multiply. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -62784,7 +62918,7 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) * * km Scalar to multiply by. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -66189,7 +66323,7 @@ static const sp_digit p1024_mod[16] = { 0xbe9ae358b3e01a2eL,0x416c0ce19cb48261L,0x65c61198dad0657aL, 0x997abb1f0a563fdaL }; -/* The Montogmery normalizer for modulus of the curve P1024. */ +/* The Montgomery normalizer for modulus of the curve P1024. */ static const sp_digit p1024_norm_mod[16] = { 0x99927f850157a015L,0x7f3a20ef53853178L,0x031c17dc767a824fL, 0x606b2950a968e0e0L,0x5830c3ade3c3f655L,0x49500b57ce7ad57dL, @@ -66198,7 +66332,7 @@ static const sp_digit p1024_norm_mod[16] = { 0x41651ca74c1fe5d1L,0xbe93f31e634b7d9eL,0x9a39ee67252f9a85L, 0x668544e0f5a9c025L }; -/* The Montogmery multiplier for modulus of the curve P1024. */ +/* The Montgomery multiplier for modulus of the curve P1024. */ static sp_digit p1024_mp_mod = 0x290420077c8f2f3d; #if defined(WOLFSSL_SP_SMALL) || defined(HAVE_ECC_CHECK_KEY) /* The order of the curve P1024. */ @@ -66908,7 +67042,7 @@ static WC_INLINE int sp_1024_mod_16(sp_digit* r, const sp_digit* a, const sp_dig return sp_1024_div_16(a, m, NULL, r); } -/* Multiply a number by Montogmery normalizer mod modulus (prime). +/* Multiply a number by Montgomery normalizer mod modulus (prime). * * r The resulting Montgomery form number. * a The number to convert. @@ -67500,14 +67634,14 @@ SP_NOINLINE static void sp_1024_mont_reduce_16(sp_digit* a, const sp_digit* m, } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_1024_mont_mul_16(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -67519,9 +67653,9 @@ static void sp_1024_mont_mul_16(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_1024_mont_sqr_16(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -67640,8 +67774,8 @@ static void sp_1024_map_16(sp_point_1024* r, const sp_point_1024* p, /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ static void sp_1024_mont_add_16(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -67742,7 +67876,7 @@ static void sp_1024_mont_add_16(sp_digit* r, const sp_digit* a, const sp_digit* /* Double a Montgomery form number (r = a + a % m). * * r Result of doubling. - * a Number to double in Montogmery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ static void sp_1024_mont_dbl_16(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -67834,7 +67968,7 @@ static void sp_1024_mont_dbl_16(sp_digit* r, const sp_digit* a, const sp_digit* /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of Tripling. - * a Number to triple in Montogmery form. + * a Number to triple in Montgomery form. * m Modulus (prime). */ static void sp_1024_mont_tpl_16(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -67995,8 +68129,8 @@ static void sp_1024_mont_tpl_16(sp_digit* r, const sp_digit* a, const sp_digit* /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of subtration. - * a Number to subtract from in Montogmery form. - * b Number to subtract with in Montogmery form. + * a Number to subtract from in Montgomery form. + * b Number to subtract with in Montgomery form. * m Modulus (prime). */ static void sp_1024_mont_sub_16(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -73266,7 +73400,7 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) * * km Scalar to multiply by. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. diff --git a/wolfcrypt/src/sp_armthumb.c b/wolfcrypt/src/sp_armthumb.c index 53ab4df62..d2d8f6276 100644 --- a/wolfcrypt/src/sp_armthumb.c +++ b/wolfcrypt/src/sp_armthumb.c @@ -22895,14 +22895,14 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, ); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -22914,9 +22914,9 @@ static void sp_2048_mont_mul_32(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_sqr_32(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -23780,7 +23780,9 @@ static WC_INLINE int sp_2048_mod_32(sp_digit* r, const sp_digit* a, const sp_dig * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -23800,11 +23802,20 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 64), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 64), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -23920,7 +23931,9 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -23940,11 +23953,20 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 64), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 64), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -25777,14 +25799,14 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, ); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -25796,9 +25818,9 @@ static void sp_2048_mont_mul_64(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_sqr_64(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -27211,7 +27233,9 @@ static WC_INLINE int sp_2048_mod_64(sp_digit* r, const sp_digit* a, const sp_dig * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -27231,11 +27255,20 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 128), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 128), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -27342,7 +27375,9 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -27362,11 +27397,20 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 128), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 128), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -29583,7 +29627,9 @@ static void sp_2048_lshift_64(sp_digit* r, const sp_digit* a, byte n) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) @@ -29604,11 +29650,17 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 193, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 193, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -73895,14 +73947,14 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, ); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -73914,9 +73966,9 @@ static void sp_3072_mont_mul_48(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_sqr_48(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -74780,7 +74832,9 @@ static WC_INLINE int sp_3072_mod_48(sp_digit* r, const sp_digit* a, const sp_dig * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -74800,11 +74854,20 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 96), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 96), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -74920,7 +74983,9 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -74940,11 +75005,20 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 96), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 96), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -77331,14 +77405,14 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, ); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -77350,9 +77424,9 @@ static void sp_3072_mont_mul_96(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_sqr_96(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -79042,7 +79116,9 @@ static WC_INLINE int sp_3072_mod_96(sp_digit* r, const sp_digit* a, const sp_dig * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -79062,11 +79138,20 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 192), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 192), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -79173,7 +79258,9 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -79193,11 +79280,20 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 192), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 192), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -82212,7 +82308,9 @@ static void sp_3072_lshift_96(sp_digit* r, const sp_digit* a, byte n) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) @@ -82233,11 +82331,17 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 289, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 289, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -89402,14 +89506,14 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, ); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -89421,9 +89525,9 @@ static void sp_4096_mont_mul_128(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_sqr_128(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -91386,7 +91490,9 @@ static WC_INLINE int sp_4096_mod_128(sp_digit* r, const sp_digit* a, const sp_di * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -91406,11 +91512,20 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 256), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 256), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -91517,7 +91632,9 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -91537,11 +91654,20 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 256), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 256), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -95349,7 +95475,9 @@ static void sp_4096_lshift_128(sp_digit* r, const sp_digit* a, byte n) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) @@ -95370,11 +95498,17 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 385, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 385, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -95549,12 +95683,12 @@ static const sp_digit p256_mod[8] = { 0xffffffff,0xffffffff,0xffffffff,0x00000000,0x00000000,0x00000000, 0x00000001,0xffffffff }; -/* The Montogmery normalizer for modulus of the curve P256. */ +/* The Montgomery normalizer for modulus of the curve P256. */ static const sp_digit p256_norm_mod[8] = { 0x00000001,0x00000000,0x00000000,0xffffffff,0xffffffff,0xffffffff, 0xfffffffe,0x00000000 }; -/* The Montogmery multiplier for modulus of the curve P256. */ +/* The Montgomery multiplier for modulus of the curve P256. */ static const sp_digit p256_mp_mod = 0x00000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) @@ -95570,14 +95704,14 @@ static const sp_digit p256_order2[8] = { 0x00000000,0xffffffff }; #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery normalizer for order of the curve P256. */ +/* The Montgomery normalizer for order of the curve P256. */ static const sp_digit p256_norm_order[8] = { 0x039cdaaf,0x0c46353d,0x58e8617b,0x43190552,0x00000000,0x00000000, 0xffffffff,0x00000000 }; #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery multiplier for order of the curve P256. */ +/* The Montgomery multiplier for order of the curve P256. */ static const sp_digit p256_mp_order = 0xee00bc4f; #endif /* The base point of curve P256. */ @@ -96607,7 +96741,7 @@ SP_NOINLINE static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, } #endif /* WOLFSSL_SP_SMALL */ -/* Multiply a number by Montogmery normalizer mod modulus (prime). +/* Multiply a number by Montgomery normalizer mod modulus (prime). * * r The resulting Montgomery form number. * a The number to convert. @@ -97911,14 +98045,14 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, ); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -97930,9 +98064,9 @@ static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -97945,10 +98079,10 @@ static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number a number of times. (r = a ^ n mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * n Number of times to square. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_256_mont_sqr_n_8(sp_digit* r, const sp_digit* a, int n, const sp_digit* m, sp_digit mp) @@ -98199,8 +98333,8 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p, /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_256_mont_add_8(sp_digit* r, const sp_digit* a, @@ -98385,7 +98519,7 @@ SP_NOINLINE static void sp_256_mont_add_8(sp_digit* r, const sp_digit* a, /* Double a Montgomery form number (r = a + a % m). * * r Result of doubling. - * a Number to double in Montogmery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_256_mont_dbl_8(sp_digit* r, const sp_digit* a, @@ -98562,7 +98696,7 @@ SP_NOINLINE static void sp_256_mont_dbl_8(sp_digit* r, const sp_digit* a, /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of Tripling. - * a Number to triple in Montogmery form. + * a Number to triple in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a, @@ -98895,8 +99029,8 @@ SP_NOINLINE static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a, /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of subtration. - * a Number to subtract from in Montogmery form. - * b Number to subtract with in Montogmery form. + * a Number to subtract from in Montgomery form. + * b Number to subtract with in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_256_mont_sub_8(sp_digit* r, const sp_digit* a, @@ -101178,7 +101312,7 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, * km Scalar to multiply by. * p Point to multiply. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -102727,7 +102861,7 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) * * km Scalar to multiply by. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -106836,12 +106970,12 @@ static const sp_digit p384_mod[12] = { 0xffffffff,0x00000000,0x00000000,0xffffffff,0xfffffffe,0xffffffff, 0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff }; -/* The Montogmery normalizer for modulus of the curve P384. */ +/* The Montgomery normalizer for modulus of the curve P384. */ static const sp_digit p384_norm_mod[12] = { 0x00000001,0xffffffff,0xffffffff,0x00000000,0x00000001,0x00000000, 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000 }; -/* The Montogmery multiplier for modulus of the curve P384. */ +/* The Montgomery multiplier for modulus of the curve P384. */ static sp_digit p384_mp_mod = 0x00000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) @@ -106857,14 +106991,14 @@ static const sp_digit p384_order2[12] = { 0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff }; #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery normalizer for order of the curve P384. */ +/* The Montgomery normalizer for order of the curve P384. */ static const sp_digit p384_norm_order[12] = { 0x333ad68d,0x1313e695,0xb74f5885,0xa7e5f24d,0x0bc8d220,0x389cb27e, 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000 }; #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery multiplier for order of the curve P384. */ +/* The Montgomery multiplier for order of the curve P384. */ static sp_digit p384_mp_order = 0xe88fdc45; #endif /* The base point of curve P384. */ @@ -107965,7 +108099,7 @@ SP_NOINLINE static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, } #endif /* WOLFSSL_SP_SMALL */ -/* Multiply a number by Montogmery normalizer mod modulus (prime). +/* Multiply a number by Montgomery normalizer mod modulus (prime). * * r The resulting Montgomery form number. * a The number to convert. @@ -109050,14 +109184,14 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, ); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -109069,9 +109203,9 @@ static void sp_384_mont_mul_12(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_sqr_12(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -109084,10 +109218,10 @@ static void sp_384_mont_sqr_12(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number a number of times. (r = a ^ n mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * n Number of times to square. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_sqr_n_12(sp_digit* r, const sp_digit* a, int n, const sp_digit* m, sp_digit mp) @@ -109354,8 +109488,8 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p, /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_384_mont_add_12(sp_digit* r, const sp_digit* a, @@ -109370,7 +109504,7 @@ SP_NOINLINE static void sp_384_mont_add_12(sp_digit* r, const sp_digit* a, /* Double a Montgomery form number (r = a + a % m). * * r Result of doubling. - * a Number to double in Montogmery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_384_mont_dbl_12(sp_digit* r, const sp_digit* a, @@ -109385,7 +109519,7 @@ SP_NOINLINE static void sp_384_mont_dbl_12(sp_digit* r, const sp_digit* a, /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of Tripling. - * a Number to triple in Montogmery form. + * a Number to triple in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_384_mont_tpl_12(sp_digit* r, const sp_digit* a, @@ -109471,8 +109605,8 @@ SP_NOINLINE static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of subtration. - * a Number to subtract from in Montogmery form. - * b Number to subtract with in Montogmery form. + * a Number to subtract from in Montgomery form. + * b Number to subtract with in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_384_mont_sub_12(sp_digit* r, const sp_digit* a, @@ -111621,7 +111755,7 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, * km Scalar to multiply by. * p Point to multiply. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -113170,7 +113304,7 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) * * km Scalar to multiply by. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -182255,7 +182389,7 @@ static const sp_digit p1024_mod[32] = { 0xb3e01a2e,0xbe9ae358,0x9cb48261,0x416c0ce1,0xdad0657a,0x65c61198, 0x0a563fda,0x997abb1f }; -/* The Montogmery normalizer for modulus of the curve P1024. */ +/* The Montgomery normalizer for modulus of the curve P1024. */ static const sp_digit p1024_norm_mod[32] = { 0x0157a015,0x99927f85,0x53853178,0x7f3a20ef,0x767a824f,0x031c17dc, 0xa968e0e0,0x606b2950,0xe3c3f655,0x5830c3ad,0xce7ad57d,0x49500b57, @@ -182264,7 +182398,7 @@ static const sp_digit p1024_norm_mod[32] = { 0x4c1fe5d1,0x41651ca7,0x634b7d9e,0xbe93f31e,0x252f9a85,0x9a39ee67, 0xf5a9c025,0x668544e0 }; -/* The Montogmery multiplier for modulus of the curve P1024. */ +/* The Montgomery multiplier for modulus of the curve P1024. */ static sp_digit p1024_mp_mod = 0x7c8f2f3d; #if defined(WOLFSSL_SP_SMALL) || defined(HAVE_ECC_CHECK_KEY) /* The order of the curve P1024. */ @@ -183419,7 +183553,7 @@ static WC_INLINE int sp_1024_mod_32(sp_digit* r, const sp_digit* a, const sp_dig return sp_1024_div_32(a, m, NULL, r); } -/* Multiply a number by Montogmery normalizer mod modulus (prime). +/* Multiply a number by Montgomery normalizer mod modulus (prime). * * r The resulting Montgomery form number. * a The number to convert. @@ -184772,14 +184906,14 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, ); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_1024_mont_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -184791,9 +184925,9 @@ static void sp_1024_mont_mul_32(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_1024_mont_sqr_32(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -184912,8 +185046,8 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p, /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_1024_mont_add_32(sp_digit* r, const sp_digit* a, @@ -185822,7 +185956,7 @@ SP_NOINLINE static void sp_1024_mont_add_32(sp_digit* r, const sp_digit* a, /* Double a Montgomery form number (r = a + a % m). * * r Result of doubling. - * a Number to double in Montogmery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_1024_mont_dbl_32(sp_digit* r, const sp_digit* a, @@ -186699,7 +186833,7 @@ SP_NOINLINE static void sp_1024_mont_dbl_32(sp_digit* r, const sp_digit* a, /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of Tripling. - * a Number to triple in Montogmery form. + * a Number to triple in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_1024_mont_tpl_32(sp_digit* r, const sp_digit* a, @@ -188469,8 +188603,8 @@ SP_NOINLINE static void sp_1024_mont_tpl_32(sp_digit* r, const sp_digit* a, /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of subtration. - * a Number to subtract from in Montogmery form. - * b Number to subtract with in Montogmery form. + * a Number to subtract from in Montgomery form. + * b Number to subtract with in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_1024_mont_sub_32(sp_digit* r, const sp_digit* a, @@ -196196,7 +196330,7 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) * * km Scalar to multiply by. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c index 2380f7eda..40b3334ff 100644 --- a/wolfcrypt/src/sp_c32.c +++ b/wolfcrypt/src/sp_c32.c @@ -1738,14 +1738,14 @@ static void sp_2048_mont_reduce_36(sp_digit* a, const sp_digit* m, sp_digit mp) sp_2048_norm_36(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_mul_36(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -1757,9 +1757,9 @@ static void sp_2048_mont_mul_36(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_sqr_36(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -2138,7 +2138,9 @@ static int sp_2048_mod_36(sp_digit* r, const sp_digit* a, const sp_digit* m) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -2158,11 +2160,20 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 36 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 36 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -2244,11 +2255,20 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 36 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 36 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -2330,11 +2350,20 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 72) + 72), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 72) + 72), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -2790,14 +2819,14 @@ static void sp_2048_mont_reduce_72(sp_digit* a, const sp_digit* m, sp_digit mp) sp_2048_norm_72(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_mul_72(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -2809,9 +2838,9 @@ static void sp_2048_mont_mul_72(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_sqr_72(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -3233,7 +3262,9 @@ static int sp_2048_mod_72(sp_digit* r, const sp_digit* a, const sp_digit* m) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_72(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -3253,11 +3284,20 @@ static int sp_2048_mod_exp_72(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 72 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 72 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -3339,11 +3379,20 @@ static int sp_2048_mod_exp_72(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 72 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 72 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -3425,11 +3474,20 @@ static int sp_2048_mod_exp_72(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((16 * 144) + 144), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((16 * 144) + 144), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -4518,7 +4576,9 @@ SP_NOINLINE static void sp_2048_lshift_72(sp_digit* r, const sp_digit* a, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_2048_mod_exp_2_72(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { @@ -4537,11 +4597,17 @@ static int sp_2048_mod_exp_2_72(sp_digit* r, const sp_digit* e, int bits, const byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 217, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 217, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -5452,14 +5518,14 @@ SP_NOINLINE static void sp_3072_mul_53(sp_digit* r, const sp_digit* a, r[0] = (sp_digit)c; } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_mul_53(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -5535,9 +5601,9 @@ SP_NOINLINE static void sp_3072_sqr_53(sp_digit* r, const sp_digit* a) /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_sqr_53(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -5867,7 +5933,9 @@ static int sp_3072_mod_53(sp_digit* r, const sp_digit* a, const sp_digit* m) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_53(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -5887,11 +5955,20 @@ static int sp_3072_mod_exp_53(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 53 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 53 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -5973,11 +6050,20 @@ static int sp_3072_mod_exp_53(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 53 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 53 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -6059,11 +6145,20 @@ static int sp_3072_mod_exp_53(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 106) + 106), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 106) + 106), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -6390,14 +6485,14 @@ static void sp_3072_mont_reduce_106(sp_digit* a, const sp_digit* m, sp_digit mp) sp_3072_norm_106(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_mul_106(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -6409,9 +6504,9 @@ static void sp_3072_mont_mul_106(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_sqr_106(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -6742,7 +6837,9 @@ static int sp_3072_mod_106(sp_digit* r, const sp_digit* a, const sp_digit* m) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_106(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -6762,11 +6859,20 @@ static int sp_3072_mod_exp_106(sp_digit* r, const sp_digit* a, const sp_digit* e byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 106 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 106 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -6848,11 +6954,20 @@ static int sp_3072_mod_exp_106(sp_digit* r, const sp_digit* a, const sp_digit* e byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 106 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 106 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -6934,11 +7049,20 @@ static int sp_3072_mod_exp_106(sp_digit* r, const sp_digit* a, const sp_digit* e byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((16 * 212) + 212), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((16 * 212) + 212), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -7875,7 +7999,9 @@ SP_NOINLINE static void sp_3072_lshift_106(sp_digit* r, const sp_digit* a, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_3072_mod_exp_2_106(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { @@ -7894,11 +8020,17 @@ static int sp_3072_mod_exp_2_106(sp_digit* r, const sp_digit* e, int bits, const byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 319, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 319, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -9569,14 +9701,14 @@ static void sp_3072_mont_reduce_56(sp_digit* a, const sp_digit* m, sp_digit mp) sp_3072_norm_56(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_mul_56(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -9588,9 +9720,9 @@ static void sp_3072_mont_mul_56(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_sqr_56(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -9909,7 +10041,9 @@ static int sp_3072_mod_56(sp_digit* r, const sp_digit* a, const sp_digit* m) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_56(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -9929,11 +10063,20 @@ static int sp_3072_mod_exp_56(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 56 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 56 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -10015,11 +10158,20 @@ static int sp_3072_mod_exp_56(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 56 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 56 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -10101,11 +10253,20 @@ static int sp_3072_mod_exp_56(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 112) + 112), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 112) + 112), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -10489,14 +10650,14 @@ static void sp_3072_mont_reduce_112(sp_digit* a, const sp_digit* m, sp_digit mp) sp_3072_norm_112(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_mul_112(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -10508,9 +10669,9 @@ static void sp_3072_mont_mul_112(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_sqr_112(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -10832,7 +10993,9 @@ static int sp_3072_mod_112(sp_digit* r, const sp_digit* a, const sp_digit* m) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_112(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -10852,11 +11015,20 @@ static int sp_3072_mod_exp_112(sp_digit* r, const sp_digit* a, const sp_digit* e byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 112 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 112 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -10938,11 +11110,20 @@ static int sp_3072_mod_exp_112(sp_digit* r, const sp_digit* a, const sp_digit* e byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 112 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 112 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -11024,11 +11205,20 @@ static int sp_3072_mod_exp_112(sp_digit* r, const sp_digit* a, const sp_digit* e byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((16 * 224) + 224), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((16 * 224) + 224), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -12188,7 +12378,9 @@ SP_NOINLINE static void sp_3072_lshift_112(sp_digit* r, const sp_digit* a, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_3072_mod_exp_2_112(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { @@ -12207,11 +12399,17 @@ static int sp_3072_mod_exp_2_112(sp_digit* r, const sp_digit* e, int bits, const byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 337, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 337, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -13132,14 +13330,14 @@ SP_NOINLINE static void sp_4096_mul_71(sp_digit* r, const sp_digit* a, r[0] = (sp_digit)c; } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_mul_71(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -13215,9 +13413,9 @@ SP_NOINLINE static void sp_4096_sqr_71(sp_digit* r, const sp_digit* a) /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_sqr_71(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -13547,7 +13745,9 @@ static int sp_4096_mod_71(sp_digit* r, const sp_digit* a, const sp_digit* m) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_4096_mod_exp_71(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -13567,11 +13767,20 @@ static int sp_4096_mod_exp_71(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 71 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 71 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -13653,11 +13862,20 @@ static int sp_4096_mod_exp_71(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 71 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 71 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -13739,11 +13957,20 @@ static int sp_4096_mod_exp_71(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 142) + 142), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 142) + 142), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -14071,14 +14298,14 @@ static void sp_4096_mont_reduce_142(sp_digit* a, const sp_digit* m, sp_digit mp) sp_4096_norm_142(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_mul_142(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -14090,9 +14317,9 @@ static void sp_4096_mont_mul_142(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_sqr_142(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -14423,7 +14650,9 @@ static int sp_4096_mod_142(sp_digit* r, const sp_digit* a, const sp_digit* m) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_4096_mod_exp_142(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -14443,11 +14672,20 @@ static int sp_4096_mod_exp_142(sp_digit* r, const sp_digit* a, const sp_digit* e byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 142 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 142 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -14529,11 +14767,20 @@ static int sp_4096_mod_exp_142(sp_digit* r, const sp_digit* a, const sp_digit* e byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 142 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 142 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -14615,11 +14862,20 @@ static int sp_4096_mod_exp_142(sp_digit* r, const sp_digit* a, const sp_digit* e byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((16 * 284) + 284), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((16 * 284) + 284), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -15556,7 +15812,9 @@ SP_NOINLINE static void sp_4096_lshift_142(sp_digit* r, const sp_digit* a, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_4096_mod_exp_2_142(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { @@ -15575,11 +15833,17 @@ static int sp_4096_mod_exp_2_142(sp_digit* r, const sp_digit* e, int bits, const byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 427, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 427, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -17132,14 +17396,14 @@ static void sp_4096_mont_reduce_81(sp_digit* a, const sp_digit* m, sp_digit mp) sp_4096_norm_81(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_mul_81(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -17151,9 +17415,9 @@ static void sp_4096_mont_mul_81(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_sqr_81(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -17445,7 +17709,9 @@ static int sp_4096_mod_81(sp_digit* r, const sp_digit* a, const sp_digit* m) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_4096_mod_exp_81(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -17465,11 +17731,20 @@ static int sp_4096_mod_exp_81(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 81 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 81 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -17551,11 +17826,20 @@ static int sp_4096_mod_exp_81(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 81 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 81 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -17637,11 +17921,20 @@ static int sp_4096_mod_exp_81(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 162) + 162), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 162) + 162), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -18014,14 +18307,14 @@ static void sp_4096_mont_reduce_162(sp_digit* a, const sp_digit* m, sp_digit mp) sp_4096_norm_162(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_mul_162(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -18033,9 +18326,9 @@ static void sp_4096_mont_mul_162(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_sqr_162(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -18321,7 +18614,9 @@ static int sp_4096_mod_162(sp_digit* r, const sp_digit* a, const sp_digit* m) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_4096_mod_exp_162(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -18341,11 +18636,20 @@ static int sp_4096_mod_exp_162(sp_digit* r, const sp_digit* a, const sp_digit* e byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 162 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 162 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -18427,11 +18731,20 @@ static int sp_4096_mod_exp_162(sp_digit* r, const sp_digit* a, const sp_digit* e byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 162 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 162 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -18513,11 +18826,20 @@ static int sp_4096_mod_exp_162(sp_digit* r, const sp_digit* a, const sp_digit* e byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((16 * 324) + 324), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((16 * 324) + 324), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -19777,7 +20099,9 @@ SP_NOINLINE static void sp_4096_lshift_162(sp_digit* r, const sp_digit* a, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_4096_mod_exp_2_162(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { @@ -19796,11 +20120,17 @@ static int sp_4096_mod_exp_2_162(sp_digit* r, const sp_digit* e, int bits, const byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 487, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 487, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -20007,12 +20337,12 @@ static const sp_digit p256_mod[9] = { 0x1fffffff,0x1fffffff,0x1fffffff,0x000001ff,0x00000000,0x00000000, 0x00040000,0x1fe00000,0x00ffffff }; -/* The Montogmery normalizer for modulus of the curve P256. */ +/* The Montgomery normalizer for modulus of the curve P256. */ static const sp_digit p256_norm_mod[9] = { 0x00000001,0x00000000,0x00000000,0x1ffffe00,0x1fffffff,0x1fffffff, 0x1ffbffff,0x001fffff,0x00000000 }; -/* The Montogmery multiplier for modulus of the curve P256. */ +/* The Montgomery multiplier for modulus of the curve P256. */ static const sp_digit p256_mp_mod = 0x0000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) @@ -20028,14 +20358,14 @@ static const sp_digit p256_order2[9] = { 0x0003ffff,0x1fe00000,0x00ffffff }; #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery normalizer for order of the curve P256. */ +/* The Montgomery normalizer for order of the curve P256. */ static const sp_digit p256_norm_order[9] = { 0x039cdaaf,0x0231a9e8,0x1a185ec3,0x120aa4b1,0x00000431,0x00000000, 0x1ffc0000,0x001fffff,0x00000000 }; #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery multiplier for order of the curve P256. */ +/* The Montgomery multiplier for order of the curve P256. */ static const sp_digit p256_mp_order = 0xe00bc4f; #endif /* The base point of curve P256. */ @@ -20863,14 +21193,14 @@ static void sp_256_mont_reduce_9(sp_digit* a, const sp_digit* m, sp_digit mp) sp_256_norm_9(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_256_mont_mul_9(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -20882,9 +21212,9 @@ static void sp_256_mont_mul_9(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_256_mont_sqr_9(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -20897,10 +21227,10 @@ static void sp_256_mont_sqr_9(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number a number of times. (r = a ^ n mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * n Number of times to square. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_256_mont_sqr_n_9(sp_digit* r, const sp_digit* a, int n, const sp_digit* m, sp_digit mp) @@ -21035,8 +21365,8 @@ static void sp_256_map_9(sp_point_256* r, const sp_point_256* p, /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ static void sp_256_mont_add_9(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -21052,7 +21382,7 @@ static void sp_256_mont_add_9(sp_digit* r, const sp_digit* a, const sp_digit* b, /* Double a Montgomery form number (r = a + a % m). * * r Result of doubling. - * a Number to double in Montogmery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ static void sp_256_mont_dbl_9(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -21067,7 +21397,7 @@ static void sp_256_mont_dbl_9(sp_digit* r, const sp_digit* a, const sp_digit* m) /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of Tripling. - * a Number to triple in Montogmery form. + * a Number to triple in Montgomery form. * m Modulus (prime). */ static void sp_256_mont_tpl_9(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -21117,8 +21447,8 @@ static void sp_256_cond_add_9(sp_digit* r, const sp_digit* a, /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of subtration. - * a Number to subtract from in Montogmery form. - * b Number to subtract with in Montogmery form. + * a Number to subtract from in Montgomery form. + * b Number to subtract with in Montgomery form. * m Modulus (prime). */ static void sp_256_mont_sub_9(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -21676,7 +22006,7 @@ static void sp_256_proj_point_add_9(sp_point_256* r, } } -/* Multiply a number by Montogmery normalizer mod modulus (prime). +/* Multiply a number by Montgomery normalizer mod modulus (prime). * * r The resulting Montgomery form number. * a The number to convert. @@ -23186,7 +23516,7 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, * km Scalar to multiply by. * p Point to multiply. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -24644,7 +24974,7 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) * * km Scalar to multiply by. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -26858,13 +27188,13 @@ static const sp_digit p384_mod[15] = { 0x3ffffff,0x3ffffff,0x3ffffff,0x3ffffff,0x3ffffff,0x3ffffff,0x3ffffff, 0x00fffff }; -/* The Montogmery normalizer for modulus of the curve P384. */ +/* The Montgomery normalizer for modulus of the curve P384. */ static const sp_digit p384_norm_mod[15] = { 0x0000001,0x3ffffc0,0x3ffffff,0x003ffff,0x1000000,0x0000000,0x0000000, 0x0000000,0x0000000,0x0000000,0x0000000,0x0000000,0x0000000,0x0000000, 0x0000000 }; -/* The Montogmery multiplier for modulus of the curve P384. */ +/* The Montgomery multiplier for modulus of the curve P384. */ static sp_digit p384_mp_mod = 0x000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) @@ -26882,7 +27212,7 @@ static const sp_digit p384_order2[15] = { 0x00fffff }; #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery normalizer for order of the curve P384. */ +/* The Montgomery normalizer for order of the curve P384. */ static const sp_digit p384_norm_order[15] = { 0x33ad68d,0x0f9a54c,0x1885131,0x136dd3d,0x0a7e5f2,0x2f23488,0x1cb27e0, 0x00000e2,0x0000000,0x0000000,0x0000000,0x0000000,0x0000000,0x0000000, @@ -26890,7 +27220,7 @@ static const sp_digit p384_norm_order[15] = { }; #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery multiplier for order of the curve P384. */ +/* The Montgomery multiplier for order of the curve P384. */ static sp_digit p384_mp_order = 0x8fdc45; #endif /* The base point of curve P384. */ @@ -27984,14 +28314,14 @@ static void sp_384_mont_reduce_15(sp_digit* a, const sp_digit* m, sp_digit mp) sp_384_norm_15(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_mul_15(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -28003,9 +28333,9 @@ static void sp_384_mont_mul_15(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_sqr_15(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -28018,10 +28348,10 @@ static void sp_384_mont_sqr_15(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number a number of times. (r = a ^ n mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * n Number of times to square. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_sqr_n_15(sp_digit* r, const sp_digit* a, int n, const sp_digit* m, sp_digit mp) @@ -28172,8 +28502,8 @@ static void sp_384_map_15(sp_point_384* r, const sp_point_384* p, /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ static void sp_384_mont_add_15(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -28189,7 +28519,7 @@ static void sp_384_mont_add_15(sp_digit* r, const sp_digit* a, const sp_digit* b /* Double a Montgomery form number (r = a + a % m). * * r Result of doubling. - * a Number to double in Montogmery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ static void sp_384_mont_dbl_15(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -28204,7 +28534,7 @@ static void sp_384_mont_dbl_15(sp_digit* r, const sp_digit* a, const sp_digit* m /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of Tripling. - * a Number to triple in Montogmery form. + * a Number to triple in Montgomery form. * m Modulus (prime). */ static void sp_384_mont_tpl_15(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -28260,8 +28590,8 @@ static void sp_384_cond_add_15(sp_digit* r, const sp_digit* a, /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of subtration. - * a Number to subtract from in Montogmery form. - * b Number to subtract with in Montogmery form. + * a Number to subtract from in Montgomery form. + * b Number to subtract with in Montgomery form. * m Modulus (prime). */ static void sp_384_mont_sub_15(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -28827,7 +29157,7 @@ static void sp_384_proj_point_add_15(sp_point_384* r, } } -/* Multiply a number by Montogmery normalizer mod modulus (prime). +/* Multiply a number by Montgomery normalizer mod modulus (prime). * * r The resulting Montgomery form number. * a The number to convert. @@ -30453,7 +30783,7 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, * km Scalar to multiply by. * p Point to multiply. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -32423,7 +32753,7 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) * * km Scalar to multiply by. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -35185,7 +35515,7 @@ static const sp_digit p1024_mod[42] = { 0x1c0f1b2,0x1593f17,0x0bbd02a,0x167c034,0x09ae358,0x04130df,0x138672d, 0x1482d81,0x1ad0657,0x0308cc6,0x0ff6997,0x03e14ac,0x0997abb,0x0000000 }; -/* The Montogmery normalizer for modulus of the curve P1024. */ +/* The Montgomery normalizer for modulus of the curve P1024. */ static const sp_digit p1024_norm_mod[42] = { 0x157a015,0x13fc280,0x05e2664,0x1ea70a6,0x1f3a20e,0x1d4127b,0x05f71d9, 0x1c00638,0x0a968e0,0x03594a8,0x0fd9558,0x075bc78,0x1d5830c,0x073d6ab, @@ -35194,7 +35524,7 @@ static const sp_digit p1024_norm_mod[42] = { 0x03f0e4d,0x0a6c0e8,0x1442fd5,0x0983fcb,0x1651ca7,0x1becf20,0x0c798d2, 0x0b7d27e,0x052f9a8,0x1cf7339,0x1009668,0x1c1eb53,0x0668544,0x0000000 }; -/* The Montogmery multiplier for modulus of the curve P1024. */ +/* The Montgomery multiplier for modulus of the curve P1024. */ static sp_digit p1024_mp_mod = 0x8f2f3d; #if defined(WOLFSSL_SP_SMALL) || defined(HAVE_ECC_CHECK_KEY) /* The order of the curve P1024. */ @@ -35671,7 +36001,7 @@ static int sp_1024_mod_42(sp_digit* r, const sp_digit* a, const sp_digit* m) return sp_1024_div_42(a, m, NULL, r); } -/* Multiply a number by Montogmery normalizer mod modulus (prime). +/* Multiply a number by Montgomery normalizer mod modulus (prime). * * r The resulting Montgomery form number. * a The number to convert. @@ -36196,14 +36526,14 @@ static void sp_1024_mont_reduce_42(sp_digit* a, const sp_digit* m, sp_digit mp) sp_1024_norm_42(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_1024_mont_mul_42(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -36215,9 +36545,9 @@ static void sp_1024_mont_mul_42(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_1024_mont_sqr_42(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -36330,8 +36660,8 @@ static void sp_1024_map_42(sp_point_1024* r, const sp_point_1024* p, /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ static void sp_1024_mont_add_42(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -36347,7 +36677,7 @@ static void sp_1024_mont_add_42(sp_digit* r, const sp_digit* a, const sp_digit* /* Double a Montgomery form number (r = a + a % m). * * r Result of doubling. - * a Number to double in Montogmery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ static void sp_1024_mont_dbl_42(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -36362,7 +36692,7 @@ static void sp_1024_mont_dbl_42(sp_digit* r, const sp_digit* a, const sp_digit* /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of Tripling. - * a Number to triple in Montogmery form. + * a Number to triple in Montgomery form. * m Modulus (prime). */ static void sp_1024_mont_tpl_42(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -36382,8 +36712,8 @@ static void sp_1024_mont_tpl_42(sp_digit* r, const sp_digit* a, const sp_digit* /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of subtration. - * a Number to subtract from in Montogmery form. - * b Number to subtract with in Montogmery form. + * a Number to subtract from in Montgomery form. + * b Number to subtract with in Montgomery form. * m Modulus (prime). */ static void sp_1024_mont_sub_42(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -42242,7 +42572,7 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) * * km Scalar to multiply by. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c index 957593ef9..da17fd50d 100644 --- a/wolfcrypt/src/sp_c64.c +++ b/wolfcrypt/src/sp_c64.c @@ -655,14 +655,14 @@ SP_NOINLINE static void sp_2048_mul_17(sp_digit* r, const sp_digit* a, r[0] = (sp_digit)c; } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -738,9 +738,9 @@ SP_NOINLINE static void sp_2048_sqr_17(sp_digit* r, const sp_digit* a) /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_sqr_17(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -1198,7 +1198,9 @@ static int sp_2048_mod_17(sp_digit* r, const sp_digit* a, const sp_digit* m) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_17(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -1218,11 +1220,20 @@ static int sp_2048_mod_exp_17(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 17 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 17 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -1304,11 +1315,20 @@ static int sp_2048_mod_exp_17(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 17 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 17 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -1390,11 +1410,20 @@ static int sp_2048_mod_exp_17(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 34) + 34), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 34) + 34), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -1707,14 +1736,14 @@ static void sp_2048_mont_reduce_34(sp_digit* a, const sp_digit* m, sp_digit mp) sp_2048_norm_34(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_mul_34(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -1726,9 +1755,9 @@ static void sp_2048_mont_mul_34(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_sqr_34(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -2187,7 +2216,9 @@ static int sp_2048_mod_34(sp_digit* r, const sp_digit* a, const sp_digit* m) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_34(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -2207,11 +2238,20 @@ static int sp_2048_mod_exp_34(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 34 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 34 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -2293,11 +2333,20 @@ static int sp_2048_mod_exp_34(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 34 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 34 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -2379,11 +2428,20 @@ static int sp_2048_mod_exp_34(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((16 * 68) + 68), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((16 * 68) + 68), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -3320,7 +3378,9 @@ SP_NOINLINE static void sp_2048_lshift_34(sp_digit* r, const sp_digit* a, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_2048_mod_exp_2_34(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { @@ -3339,11 +3399,17 @@ static int sp_2048_mod_exp_2_34(sp_digit* r, const sp_digit* e, int bits, const byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 103, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 103, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -4527,14 +4593,14 @@ static void sp_2048_mont_reduce_18(sp_digit* a, const sp_digit* m, sp_digit mp) sp_2048_norm_18(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_mul_18(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -4546,9 +4612,9 @@ static void sp_2048_mont_mul_18(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_sqr_18(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -4862,7 +4928,9 @@ static int sp_2048_mod_18(sp_digit* r, const sp_digit* a, const sp_digit* m) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -4882,11 +4950,20 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 18 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 18 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -4968,11 +5045,20 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 18 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 18 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -5054,11 +5140,20 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 36) + 36), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 36) + 36), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -5410,14 +5505,14 @@ static void sp_2048_mont_reduce_36(sp_digit* a, const sp_digit* m, sp_digit mp) sp_2048_norm_36(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_mul_36(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -5429,9 +5524,9 @@ static void sp_2048_mont_mul_36(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_sqr_36(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -5746,7 +5841,9 @@ static int sp_2048_mod_36(sp_digit* r, const sp_digit* a, const sp_digit* m) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -5766,11 +5863,20 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 36 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 36 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -5852,11 +5958,20 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 36 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 36 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -5938,11 +6053,20 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((16 * 72) + 72), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((16 * 72) + 72), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -6950,7 +7074,9 @@ SP_NOINLINE static void sp_2048_lshift_36(sp_digit* r, const sp_digit* a, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_2048_mod_exp_2_36(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { @@ -6969,11 +7095,17 @@ static int sp_2048_mod_exp_2_36(sp_digit* r, const sp_digit* e, int bits, const byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 109, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 109, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -7821,14 +7953,14 @@ SP_NOINLINE static void sp_3072_mul_26(sp_digit* r, const sp_digit* a, r[0] = (sp_digit)c; } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_mul_26(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -7881,9 +8013,9 @@ SP_NOINLINE static void sp_3072_sqr_26(sp_digit* r, const sp_digit* a) /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_sqr_26(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -8253,7 +8385,9 @@ static int sp_3072_mod_26(sp_digit* r, const sp_digit* a, const sp_digit* m) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_26(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -8273,11 +8407,20 @@ static int sp_3072_mod_exp_26(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 26 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 26 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -8359,11 +8502,20 @@ static int sp_3072_mod_exp_26(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 26 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 26 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -8445,11 +8597,20 @@ static int sp_3072_mod_exp_26(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 52) + 52), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 52) + 52), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -8768,14 +8929,14 @@ static void sp_3072_mont_reduce_52(sp_digit* a, const sp_digit* m, sp_digit mp) sp_3072_norm_52(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_mul_52(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -8787,9 +8948,9 @@ static void sp_3072_mont_mul_52(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_sqr_52(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -9160,7 +9321,9 @@ static int sp_3072_mod_52(sp_digit* r, const sp_digit* a, const sp_digit* m) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_52(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -9180,11 +9343,20 @@ static int sp_3072_mod_exp_52(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 52 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 52 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -9266,11 +9438,20 @@ static int sp_3072_mod_exp_52(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 52 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 52 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -9352,11 +9533,20 @@ static int sp_3072_mod_exp_52(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((16 * 104) + 104), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((16 * 104) + 104), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -10293,7 +10483,9 @@ SP_NOINLINE static void sp_3072_lshift_52(sp_digit* r, const sp_digit* a, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_3072_mod_exp_2_52(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { @@ -10312,11 +10504,17 @@ static int sp_3072_mod_exp_2_52(sp_digit* r, const sp_digit* e, int bits, const byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 157, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 157, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -11633,14 +11831,14 @@ static void sp_3072_mont_reduce_27(sp_digit* a, const sp_digit* m, sp_digit mp) sp_3072_norm_27(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_mul_27(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -11652,9 +11850,9 @@ static void sp_3072_mont_mul_27(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_sqr_27(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -11973,7 +12171,9 @@ static int sp_3072_mod_27(sp_digit* r, const sp_digit* a, const sp_digit* m) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -11993,11 +12193,20 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 27 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 27 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -12079,11 +12288,20 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 27 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 27 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -12165,11 +12383,20 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 54) + 54), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 54) + 54), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -12528,14 +12755,14 @@ static void sp_3072_mont_reduce_54(sp_digit* a, const sp_digit* m, sp_digit mp) sp_3072_norm_54(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_mul_54(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -12547,9 +12774,9 @@ static void sp_3072_mont_mul_54(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_sqr_54(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -12868,7 +13095,9 @@ static int sp_3072_mod_54(sp_digit* r, const sp_digit* a, const sp_digit* m) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -12888,11 +13117,20 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 54 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 54 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -12974,11 +13212,20 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 54 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 54 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -13060,11 +13307,20 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((16 * 108) + 108), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((16 * 108) + 108), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -14108,7 +14364,9 @@ SP_NOINLINE static void sp_3072_lshift_54(sp_digit* r, const sp_digit* a, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_3072_mod_exp_2_54(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { @@ -14127,11 +14385,17 @@ static int sp_3072_mod_exp_2_54(sp_digit* r, const sp_digit* e, int bits, const byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 163, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 163, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -14985,14 +15249,14 @@ SP_NOINLINE static void sp_4096_mul_35(sp_digit* r, const sp_digit* a, r[0] = (sp_digit)c; } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_mul_35(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -15045,9 +15309,9 @@ SP_NOINLINE static void sp_4096_sqr_35(sp_digit* r, const sp_digit* a) /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_sqr_35(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -15377,7 +15641,9 @@ static int sp_4096_mod_35(sp_digit* r, const sp_digit* a, const sp_digit* m) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_4096_mod_exp_35(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -15397,11 +15663,20 @@ static int sp_4096_mod_exp_35(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 35 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 35 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -15483,11 +15758,20 @@ static int sp_4096_mod_exp_35(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 35 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 35 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -15569,11 +15853,20 @@ static int sp_4096_mod_exp_35(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 70) + 70), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 70) + 70), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -15887,14 +16180,14 @@ static void sp_4096_mont_reduce_70(sp_digit* a, const sp_digit* m, sp_digit mp) sp_4096_norm_70(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_mul_70(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -15906,9 +16199,9 @@ static void sp_4096_mont_mul_70(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_sqr_70(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -16239,7 +16532,9 @@ static int sp_4096_mod_70(sp_digit* r, const sp_digit* a, const sp_digit* m) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_4096_mod_exp_70(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -16259,11 +16554,20 @@ static int sp_4096_mod_exp_70(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 70 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 70 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -16345,11 +16649,20 @@ static int sp_4096_mod_exp_70(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 70 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 70 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -16431,11 +16744,20 @@ static int sp_4096_mod_exp_70(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((16 * 140) + 140), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((16 * 140) + 140), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -17372,7 +17694,9 @@ SP_NOINLINE static void sp_4096_lshift_70(sp_digit* r, const sp_digit* a, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_4096_mod_exp_2_70(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { @@ -17391,11 +17715,17 @@ static int sp_4096_mod_exp_2_70(sp_digit* r, const sp_digit* e, int bits, const byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 211, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 211, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -18759,14 +19089,14 @@ static void sp_4096_mont_reduce_39(sp_digit* a, const sp_digit* m, sp_digit mp) sp_4096_norm_39(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_mul_39(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -18778,9 +19108,9 @@ static void sp_4096_mont_mul_39(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_sqr_39(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -19075,7 +19405,9 @@ static int sp_4096_mod_39(sp_digit* r, const sp_digit* a, const sp_digit* m) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -19095,11 +19427,20 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 39 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 39 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -19181,11 +19522,20 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 39 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 39 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -19267,11 +19617,20 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 78) + 78), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 78) + 78), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -19631,14 +19990,14 @@ static void sp_4096_mont_reduce_78(sp_digit* a, const sp_digit* m, sp_digit mp) sp_4096_norm_78(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_mul_78(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -19650,9 +20009,9 @@ static void sp_4096_mont_mul_78(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_sqr_78(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -19939,7 +20298,9 @@ static int sp_4096_mod_78(sp_digit* r, const sp_digit* a, const sp_digit* m) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -19959,11 +20320,20 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 78 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 78 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -20045,11 +20415,20 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 78 * 2, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 78 * 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -20131,11 +20510,20 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((16 * 156) + 156), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((16 * 156) + 156), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -21227,7 +21615,9 @@ SP_NOINLINE static void sp_4096_lshift_78(sp_digit* r, const sp_digit* a, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_4096_mod_exp_2_78(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { @@ -21246,11 +21636,17 @@ static int sp_4096_mod_exp_2_78(sp_digit* r, const sp_digit* e, int bits, const byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 235, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 235, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -21458,12 +21854,12 @@ static const sp_digit p256_mod[5] = { 0xfffffffffffffL,0x00fffffffffffL,0x0000000000000L,0x0001000000000L, 0x0ffffffff0000L }; -/* The Montogmery normalizer for modulus of the curve P256. */ +/* The Montgomery normalizer for modulus of the curve P256. */ static const sp_digit p256_norm_mod[5] = { 0x0000000000001L,0xff00000000000L,0xfffffffffffffL,0xfffefffffffffL, 0x000000000ffffL }; -/* The Montogmery multiplier for modulus of the curve P256. */ +/* The Montgomery multiplier for modulus of the curve P256. */ static const sp_digit p256_mp_mod = 0x0000000000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) @@ -21479,14 +21875,14 @@ static const sp_digit p256_order2[5] = { 0x0ffffffff0000L }; #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery normalizer for order of the curve P256. */ +/* The Montgomery normalizer for order of the curve P256. */ static const sp_digit p256_norm_order[5] = { 0x6353d039cdaafL,0x5258e8617b0c4L,0x0000000431905L,0xffff000000000L, 0x000000000ffffL }; #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery multiplier for order of the curve P256. */ +/* The Montgomery multiplier for order of the curve P256. */ static const sp_digit p256_mp_order = 0x1c8aaee00bc4fL; #endif /* The base point of curve P256. */ @@ -22153,14 +22549,14 @@ static void sp_256_mont_reduce_5(sp_digit* a, const sp_digit* m, sp_digit mp) sp_256_norm_5(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_256_mont_mul_5(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -22172,9 +22568,9 @@ static void sp_256_mont_mul_5(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_256_mont_sqr_5(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -22187,10 +22583,10 @@ static void sp_256_mont_sqr_5(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number a number of times. (r = a ^ n mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * n Number of times to square. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_256_mont_sqr_n_5(sp_digit* r, const sp_digit* a, int n, const sp_digit* m, sp_digit mp) @@ -22325,8 +22721,8 @@ static void sp_256_map_5(sp_point_256* r, const sp_point_256* p, /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ static void sp_256_mont_add_5(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -22342,7 +22738,7 @@ static void sp_256_mont_add_5(sp_digit* r, const sp_digit* a, const sp_digit* b, /* Double a Montgomery form number (r = a + a % m). * * r Result of doubling. - * a Number to double in Montogmery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ static void sp_256_mont_dbl_5(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -22357,7 +22753,7 @@ static void sp_256_mont_dbl_5(sp_digit* r, const sp_digit* a, const sp_digit* m) /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of Tripling. - * a Number to triple in Montogmery form. + * a Number to triple in Montgomery form. * m Modulus (prime). */ static void sp_256_mont_tpl_5(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -22403,8 +22799,8 @@ static void sp_256_cond_add_5(sp_digit* r, const sp_digit* a, /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of subtration. - * a Number to subtract from in Montogmery form. - * b Number to subtract with in Montogmery form. + * a Number to subtract from in Montgomery form. + * b Number to subtract with in Montgomery form. * m Modulus (prime). */ static void sp_256_mont_sub_5(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -22957,7 +23353,7 @@ static void sp_256_proj_point_add_5(sp_point_256* r, } } -/* Multiply a number by Montogmery normalizer mod modulus (prime). +/* Multiply a number by Montgomery normalizer mod modulus (prime). * * r The resulting Montgomery form number. * a The number to convert. @@ -24404,7 +24800,7 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, * km Scalar to multiply by. * p Point to multiply. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -25862,7 +26258,7 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) * * km Scalar to multiply by. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -28053,12 +28449,12 @@ static const sp_digit p384_mod[7] = { 0x000000ffffffffL,0x7ffe0000000000L,0x7ffffffffbffffL,0x7fffffffffffffL, 0x7fffffffffffffL,0x7fffffffffffffL,0x3fffffffffffffL }; -/* The Montogmery normalizer for modulus of the curve P384. */ +/* The Montgomery normalizer for modulus of the curve P384. */ static const sp_digit p384_norm_mod[7] = { 0x7fffff00000001L,0x0001ffffffffffL,0x00000000040000L,0x00000000000000L, 0x00000000000000L,0x00000000000000L,0x00000000000000L }; -/* The Montogmery multiplier for modulus of the curve P384. */ +/* The Montgomery multiplier for modulus of the curve P384. */ static sp_digit p384_mp_mod = 0x0000100000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) @@ -28074,14 +28470,14 @@ static const sp_digit p384_order2[7] = { 0x7fffffffffffffL,0x7fffffffffffffL,0x3fffffffffffffL }; #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery normalizer for order of the curve P384. */ +/* The Montgomery normalizer for order of the curve P384. */ static const sp_digit p384_norm_order[7] = { 0x13e695333ad68dL,0x649b6e9eb10a26L,0x782f2348829f97L,0x00000001c4e593L, 0x00000000000000L,0x00000000000000L,0x00000000000000L }; #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery multiplier for order of the curve P384. */ +/* The Montgomery multiplier for order of the curve P384. */ static sp_digit p384_mp_order = 0x546089e88fdc45L; #endif /* The base point of curve P384. */ @@ -28806,14 +29202,14 @@ static void sp_384_mont_reduce_7(sp_digit* a, const sp_digit* m, sp_digit mp) sp_384_norm_7(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_mul_7(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -28825,9 +29221,9 @@ static void sp_384_mont_mul_7(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_sqr_7(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -28840,10 +29236,10 @@ static void sp_384_mont_sqr_7(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number a number of times. (r = a ^ n mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * n Number of times to square. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_sqr_n_7(sp_digit* r, const sp_digit* a, int n, const sp_digit* m, sp_digit mp) @@ -28994,8 +29390,8 @@ static void sp_384_map_7(sp_point_384* r, const sp_point_384* p, /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ static void sp_384_mont_add_7(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -29011,7 +29407,7 @@ static void sp_384_mont_add_7(sp_digit* r, const sp_digit* a, const sp_digit* b, /* Double a Montgomery form number (r = a + a % m). * * r Result of doubling. - * a Number to double in Montogmery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ static void sp_384_mont_dbl_7(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -29026,7 +29422,7 @@ static void sp_384_mont_dbl_7(sp_digit* r, const sp_digit* a, const sp_digit* m) /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of Tripling. - * a Number to triple in Montogmery form. + * a Number to triple in Montgomery form. * m Modulus (prime). */ static void sp_384_mont_tpl_7(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -29074,8 +29470,8 @@ static void sp_384_cond_add_7(sp_digit* r, const sp_digit* a, /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of subtration. - * a Number to subtract from in Montogmery form. - * b Number to subtract with in Montogmery form. + * a Number to subtract from in Montgomery form. + * b Number to subtract with in Montgomery form. * m Modulus (prime). */ static void sp_384_mont_sub_7(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -29631,7 +30027,7 @@ static void sp_384_proj_point_add_7(sp_point_384* r, } } -/* Multiply a number by Montogmery normalizer mod modulus (prime). +/* Multiply a number by Montgomery normalizer mod modulus (prime). * * r The resulting Montgomery form number. * a The number to convert. @@ -31134,7 +31530,7 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, * km Scalar to multiply by. * p Point to multiply. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -33102,7 +33498,7 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) * * km Scalar to multiply by. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -35694,7 +36090,7 @@ static const sp_digit p1024_mod[18] = { 0x07e2fc0f1b22873L,0x19f00d177a05559L,0x0d20986fa6b8d62L,0x0caf482d819c339L, 0x1da65c61198dad0L,0x04cbd5d8f852b1fL }; -/* The Montogmery normalizer for modulus of the curve P1024. */ +/* The Montgomery normalizer for modulus of the curve P1024. */ static const sp_digit p1024_norm_mod[18] = { 0x1927f850157a015L,0x11077a9c298bc4cL,0x1f71d9ea093dfceL,0x0152d1c1c006382L, 0x03c3f655606b295L,0x1d6abeac1861d6fL,0x18c7925402d5f39L,0x0575daa7465352fL, @@ -35702,7 +36098,7 @@ static const sp_digit p1024_norm_mod[18] = { 0x181d03f0e4dd78cL,0x060ff2e885faaa6L,0x12df6790594729dL,0x1350b7d27e63cc6L, 0x0259a39ee67252fL,0x03342a2707ad4e0L }; -/* The Montogmery multiplier for modulus of the curve P1024. */ +/* The Montgomery multiplier for modulus of the curve P1024. */ static sp_digit p1024_mp_mod = 0x10420077c8f2f3d; #if defined(WOLFSSL_SP_SMALL) || defined(HAVE_ECC_CHECK_KEY) /* The order of the curve P1024. */ @@ -36205,7 +36601,7 @@ static int sp_1024_mod_18(sp_digit* r, const sp_digit* a, const sp_digit* m) return sp_1024_div_18(a, m, NULL, r); } -/* Multiply a number by Montogmery normalizer mod modulus (prime). +/* Multiply a number by Montgomery normalizer mod modulus (prime). * * r The resulting Montgomery form number. * a The number to convert. @@ -36702,14 +37098,14 @@ static void sp_1024_mont_reduce_18(sp_digit* a, const sp_digit* m, sp_digit mp) sp_1024_norm_18(a); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_1024_mont_mul_18(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -36721,9 +37117,9 @@ static void sp_1024_mont_mul_18(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_1024_mont_sqr_18(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -36836,8 +37232,8 @@ static void sp_1024_map_18(sp_point_1024* r, const sp_point_1024* p, /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ static void sp_1024_mont_add_18(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -36853,7 +37249,7 @@ static void sp_1024_mont_add_18(sp_digit* r, const sp_digit* a, const sp_digit* /* Double a Montgomery form number (r = a + a % m). * * r Result of doubling. - * a Number to double in Montogmery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ static void sp_1024_mont_dbl_18(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -36868,7 +37264,7 @@ static void sp_1024_mont_dbl_18(sp_digit* r, const sp_digit* a, const sp_digit* /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of Tripling. - * a Number to triple in Montogmery form. + * a Number to triple in Montgomery form. * m Modulus (prime). */ static void sp_1024_mont_tpl_18(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -36888,8 +37284,8 @@ static void sp_1024_mont_tpl_18(sp_digit* r, const sp_digit* a, const sp_digit* /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of subtration. - * a Number to subtract from in Montogmery form. - * b Number to subtract with in Montogmery form. + * a Number to subtract from in Montgomery form. + * b Number to subtract with in Montgomery form. * m Modulus (prime). */ static void sp_1024_mont_sub_18(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -42154,7 +42550,7 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) * * km Scalar to multiply by. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c index b99deec12..610f4e367 100644 --- a/wolfcrypt/src/sp_cortexm.c +++ b/wolfcrypt/src/sp_cortexm.c @@ -2953,14 +2953,14 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - ca); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -2972,9 +2972,9 @@ static void sp_2048_mont_mul_32(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_sqr_32(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -3183,7 +3183,9 @@ static WC_INLINE int sp_2048_mod_32(sp_digit* r, const sp_digit* a, const sp_dig * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -3203,11 +3205,20 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 64), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 64), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -3323,7 +3334,9 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -3343,11 +3356,20 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 64), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 64), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -3636,14 +3658,14 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - ca); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -3655,9 +3677,9 @@ static void sp_2048_mont_mul_64(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_sqr_64(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -4244,7 +4266,9 @@ static WC_INLINE int sp_2048_mod_64(sp_digit* r, const sp_digit* a, const sp_dig * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -4264,11 +4288,20 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 128), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 128), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -4375,7 +4408,9 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -4395,11 +4430,20 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 128), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 128), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -5400,7 +5444,9 @@ static void sp_2048_lshift_64(sp_digit* r, sp_digit* a, byte n) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) @@ -5421,11 +5467,17 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 193, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 193, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -8172,14 +8224,14 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - ca); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -8191,9 +8243,9 @@ static void sp_3072_mont_mul_48(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_sqr_48(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -8402,7 +8454,9 @@ static WC_INLINE int sp_3072_mod_48(sp_digit* r, const sp_digit* a, const sp_dig * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -8422,11 +8476,20 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 96), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 96), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -8542,7 +8605,9 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -8562,11 +8627,20 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 96), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 96), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -8856,14 +8930,14 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - ca); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -8875,9 +8949,9 @@ static void sp_3072_mont_mul_96(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_sqr_96(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -9601,7 +9675,9 @@ static WC_INLINE int sp_3072_mod_96(sp_digit* r, const sp_digit* a, const sp_dig * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -9621,11 +9697,20 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 192), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 192), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -9732,7 +9817,9 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -9752,11 +9839,20 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 192), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 192), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -10953,7 +11049,9 @@ static void sp_3072_lshift_96(sp_digit* r, sp_digit* a, byte n) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) @@ -10974,11 +11072,17 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 289, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 289, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -12638,14 +12742,14 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - ca); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -12657,9 +12761,9 @@ static void sp_4096_mont_mul_128(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_sqr_128(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -13516,7 +13620,9 @@ static WC_INLINE int sp_4096_mod_128(sp_digit* r, const sp_digit* a, const sp_di * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -13536,11 +13642,20 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 256), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 * 256), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -13647,7 +13762,9 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) @@ -13667,11 +13784,20 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 256), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 256), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -15065,7 +15191,9 @@ static void sp_4096_lshift_128(sp_digit* r, sp_digit* a, byte n) * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) @@ -15086,11 +15214,17 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits, byte y; int err = MP_OKAY; + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 385, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 385, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -15265,12 +15399,12 @@ static const sp_digit p256_mod[8] = { 0xffffffff,0xffffffff,0xffffffff,0x00000000,0x00000000,0x00000000, 0x00000001,0xffffffff }; -/* The Montogmery normalizer for modulus of the curve P256. */ +/* The Montgomery normalizer for modulus of the curve P256. */ static const sp_digit p256_norm_mod[8] = { 0x00000001,0x00000000,0x00000000,0xffffffff,0xffffffff,0xffffffff, 0xfffffffe,0x00000000 }; -/* The Montogmery multiplier for modulus of the curve P256. */ +/* The Montgomery multiplier for modulus of the curve P256. */ static const sp_digit p256_mp_mod = 0x00000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) @@ -15286,14 +15420,14 @@ static const sp_digit p256_order2[8] = { 0x00000000,0xffffffff }; #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery normalizer for order of the curve P256. */ +/* The Montgomery normalizer for order of the curve P256. */ static const sp_digit p256_norm_order[8] = { 0x039cdaaf,0x0c46353d,0x58e8617b,0x43190552,0x00000000,0x00000000, 0xffffffff,0x00000000 }; #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery multiplier for order of the curve P256. */ +/* The Montgomery multiplier for order of the curve P256. */ static const sp_digit p256_mp_order = 0xee00bc4f; #endif /* The base point of curve P256. */ @@ -16370,7 +16504,7 @@ SP_NOINLINE static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, } #endif /* WOLFSSL_SP_SMALL */ -/* Multiply a number by Montogmery normalizer mod modulus (prime). +/* Multiply a number by Montgomery normalizer mod modulus (prime). * * r The resulting Montgomery form number. * a The number to convert. @@ -16797,14 +16931,14 @@ static int sp_256_point_to_ecc_point_8(const sp_point_256* p, ecc_point* pm) return err; } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -17459,9 +17593,9 @@ SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, const /* Square the Montgomery form number mod the modulus (prime). (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -17976,10 +18110,10 @@ SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, const /* Square the Montgomery form number a number of times. (r = a ^ n mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * n Number of times to square. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_256_mont_sqr_n_8(sp_digit* r, const sp_digit* a, int n, const sp_digit* m, sp_digit mp) @@ -18434,8 +18568,8 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p, /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_256_mont_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -18505,7 +18639,7 @@ SP_NOINLINE static void sp_256_mont_add_8(sp_digit* r, const sp_digit* a, const /* Double a Montgomery form number (r = a + a % m). * * r Result of doubling. - * a Number to double in Montogmery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_256_mont_dbl_8(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -18558,7 +18692,7 @@ SP_NOINLINE static void sp_256_mont_dbl_8(sp_digit* r, const sp_digit* a, const /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of Tripling. - * a Number to triple in Montogmery form. + * a Number to triple in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -18643,8 +18777,8 @@ SP_NOINLINE static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a, const /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of subtration. - * a Number to subtract from in Montogmery form. - * b Number to subtract with in Montogmery form. + * a Number to subtract from in Montgomery form. + * b Number to subtract with in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_256_mont_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -20631,7 +20765,7 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, * km Scalar to multiply by. * p Point to multiply. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -22180,7 +22314,7 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) * * km Scalar to multiply by. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -24590,12 +24724,12 @@ static const sp_digit p384_mod[12] = { 0xffffffff,0x00000000,0x00000000,0xffffffff,0xfffffffe,0xffffffff, 0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff }; -/* The Montogmery normalizer for modulus of the curve P384. */ +/* The Montgomery normalizer for modulus of the curve P384. */ static const sp_digit p384_norm_mod[12] = { 0x00000001,0xffffffff,0xffffffff,0x00000000,0x00000001,0x00000000, 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000 }; -/* The Montogmery multiplier for modulus of the curve P384. */ +/* The Montgomery multiplier for modulus of the curve P384. */ static sp_digit p384_mp_mod = 0x00000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) @@ -24611,14 +24745,14 @@ static const sp_digit p384_order2[12] = { 0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff }; #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery normalizer for order of the curve P384. */ +/* The Montgomery normalizer for order of the curve P384. */ static const sp_digit p384_norm_order[12] = { 0x333ad68d,0x1313e695,0xb74f5885,0xa7e5f24d,0x0bc8d220,0x389cb27e, 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000 }; #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery multiplier for order of the curve P384. */ +/* The Montgomery multiplier for order of the curve P384. */ static sp_digit p384_mp_order = 0xe88fdc45; #endif /* The base point of curve P384. */ @@ -25073,7 +25207,7 @@ SP_NOINLINE static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, } #endif /* WOLFSSL_SP_SMALL */ -/* Multiply a number by Montogmery normalizer mod modulus (prime). +/* Multiply a number by Montgomery normalizer mod modulus (prime). * * r The resulting Montgomery form number. * a The number to convert. @@ -25512,14 +25646,14 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - ca); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -25531,9 +25665,9 @@ static void sp_384_mont_mul_12(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_sqr_12(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -25546,10 +25680,10 @@ static void sp_384_mont_sqr_12(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number a number of times. (r = a ^ n mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * n Number of times to square. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_sqr_n_12(sp_digit* r, const sp_digit* a, int n, const sp_digit* m, sp_digit mp) @@ -25753,8 +25887,8 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p, /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_384_mont_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -25769,7 +25903,7 @@ SP_NOINLINE static void sp_384_mont_add_12(sp_digit* r, const sp_digit* a, const /* Double a Montgomery form number (r = a + a % m). * * r Result of doubling. - * a Number to double in Montogmery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_384_mont_dbl_12(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -25783,7 +25917,7 @@ SP_NOINLINE static void sp_384_mont_dbl_12(sp_digit* r, const sp_digit* a, const /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of Tripling. - * a Number to triple in Montogmery form. + * a Number to triple in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_384_mont_tpl_12(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -25840,8 +25974,8 @@ SP_NOINLINE static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, c /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of subtration. - * a Number to subtract from in Montogmery form. - * b Number to subtract with in Montogmery form. + * a Number to subtract from in Montgomery form. + * b Number to subtract with in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_384_mont_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -27815,7 +27949,7 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, * km Scalar to multiply by. * p Point to multiply. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -29364,7 +29498,7 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) * * km Scalar to multiply by. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -32634,7 +32768,7 @@ static const sp_digit p1024_mod[32] = { 0xb3e01a2e,0xbe9ae358,0x9cb48261,0x416c0ce1,0xdad0657a,0x65c61198, 0x0a563fda,0x997abb1f }; -/* The Montogmery normalizer for modulus of the curve P1024. */ +/* The Montgomery normalizer for modulus of the curve P1024. */ static const sp_digit p1024_norm_mod[32] = { 0x0157a015,0x99927f85,0x53853178,0x7f3a20ef,0x767a824f,0x031c17dc, 0xa968e0e0,0x606b2950,0xe3c3f655,0x5830c3ad,0xce7ad57d,0x49500b57, @@ -32643,7 +32777,7 @@ static const sp_digit p1024_norm_mod[32] = { 0x4c1fe5d1,0x41651ca7,0x634b7d9e,0xbe93f31e,0x252f9a85,0x9a39ee67, 0xf5a9c025,0x668544e0 }; -/* The Montogmery multiplier for modulus of the curve P1024. */ +/* The Montgomery multiplier for modulus of the curve P1024. */ static sp_digit p1024_mp_mod = 0x7c8f2f3d; #if defined(WOLFSSL_SP_SMALL) || defined(HAVE_ECC_CHECK_KEY) /* The order of the curve P1024. */ @@ -33058,7 +33192,7 @@ static WC_INLINE int sp_1024_mod_32(sp_digit* r, const sp_digit* a, const sp_dig return sp_1024_div_32(a, m, NULL, r); } -/* Multiply a number by Montogmery normalizer mod modulus (prime). +/* Multiply a number by Montgomery normalizer mod modulus (prime). * * r The resulting Montgomery form number. * a The number to convert. @@ -33432,14 +33566,14 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, sp_1024_cond_sub_32(a - 32, a, m, ca); } -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_1024_mont_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -33451,9 +33585,9 @@ static void sp_1024_mont_mul_32(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_1024_mont_sqr_32(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -33572,8 +33706,8 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p, /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_1024_mont_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -33742,7 +33876,7 @@ SP_NOINLINE static void sp_1024_mont_add_32(sp_digit* r, const sp_digit* a, cons /* Double a Montgomery form number (r = a + a % m). * * r Result of doubling. - * a Number to double in Montogmery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_1024_mont_dbl_32(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -33894,7 +34028,7 @@ SP_NOINLINE static void sp_1024_mont_dbl_32(sp_digit* r, const sp_digit* a, cons /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of Tripling. - * a Number to triple in Montogmery form. + * a Number to triple in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_1024_mont_tpl_32(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -34201,8 +34335,8 @@ SP_NOINLINE static void sp_1024_mont_tpl_32(sp_digit* r, const sp_digit* a, cons /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of subtration. - * a Number to subtract from in Montogmery form. - * b Number to subtract with in Montogmery form. + * a Number to subtract from in Montgomery form. + * b Number to subtract with in Montgomery form. * m Modulus (prime). */ SP_NOINLINE static void sp_1024_mont_sub_32(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -39983,7 +40117,7 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) * * km Scalar to multiply by. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. diff --git a/wolfcrypt/src/sp_x86_64.c b/wolfcrypt/src/sp_x86_64.c index dc7863f67..d608fe2ac 100644 --- a/wolfcrypt/src/sp_x86_64.c +++ b/wolfcrypt/src/sp_x86_64.c @@ -268,14 +268,14 @@ static void sp_2048_mont_norm_16(sp_digit* r, const sp_digit* m) extern sp_digit sp_2048_cond_sub_16(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m); extern void sp_2048_mont_reduce_16(sp_digit* a, const sp_digit* m, sp_digit mp); -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_mul_16(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -287,9 +287,9 @@ static void sp_2048_mont_mul_16(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_sqr_16(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -459,13 +459,15 @@ static WC_INLINE int sp_2048_mod_16(sp_digit* r, const sp_digit* a, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[(33 * 32) + 32]; #endif @@ -482,11 +484,20 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e, ASSERT_SAVED_VECTOR_REGISTERS(); + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (33 * 32) + 32, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (33 * 32) + 32, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) { + err = MEMORY_E; + } } #endif @@ -630,14 +641,14 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e, extern void sp_2048_mont_reduce_avx2_16(sp_digit* a, const sp_digit* m, sp_digit mp); #ifdef HAVE_INTEL_AVX2 -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_mul_avx2_16(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -651,9 +662,9 @@ static void sp_2048_mont_mul_avx2_16(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_sqr_avx2_16(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -671,13 +682,15 @@ static void sp_2048_mont_sqr_avx2_16(sp_digit* r, const sp_digit* a, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_avx2_16(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[(33 * 32) + 32]; #endif @@ -694,11 +707,20 @@ static int sp_2048_mod_exp_avx2_16(sp_digit* r, const sp_digit* a, const sp_digi ASSERT_SAVED_VECTOR_REGISTERS(); + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (33 * 32) + 32, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (33 * 32) + 32, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) { + err = MEMORY_E; + } } #endif @@ -863,14 +885,14 @@ static void sp_2048_mont_norm_32(sp_digit* r, const sp_digit* m) #endif /* (WOLFSSL_HAVE_SP_RSA & !WOLFSSL_RSA_PUBLIC_ONLY) | WOLFSSL_HAVE_SP_DH */ extern sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m); extern void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, sp_digit mp); -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -882,9 +904,9 @@ static void sp_2048_mont_mul_32(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_sqr_32(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -1138,13 +1160,15 @@ static WC_INLINE int sp_2048_mod_32(sp_digit* r, const sp_digit* a, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[(17 * 64) + 64]; #endif @@ -1161,11 +1185,20 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, ASSERT_SAVED_VECTOR_REGISTERS(); + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (17 * 64) + 64, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (17 * 64) + 64, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) { + err = MEMORY_E; + } } #endif @@ -1292,14 +1325,14 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, #endif /* (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) || WOLFSSL_HAVE_SP_DH */ extern void sp_2048_mont_reduce_avx2_32(sp_digit* a, const sp_digit* m, sp_digit mp); #ifdef HAVE_INTEL_AVX2 -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_mul_avx2_32(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -1313,9 +1346,9 @@ static void sp_2048_mont_mul_avx2_32(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_2048_mont_sqr_avx2_32(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -1334,13 +1367,15 @@ static void sp_2048_mont_sqr_avx2_32(sp_digit* r, const sp_digit* a, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_2048_mod_exp_avx2_32(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[(17 * 64) + 64]; #endif @@ -1357,11 +1392,20 @@ static int sp_2048_mod_exp_avx2_32(sp_digit* r, const sp_digit* a, const sp_digi ASSERT_SAVED_VECTOR_REGISTERS(); + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (17 * 64) + 64, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (17 * 64) + 64, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) { + err = MEMORY_E; + } } #endif @@ -2069,13 +2113,15 @@ extern void sp_2048_lshift_32(sp_digit* r, const sp_digit* a, int n); * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_2048_mod_exp_2_avx2_32(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[33 + 64]; #endif @@ -2092,11 +2138,17 @@ static int sp_2048_mod_exp_2_avx2_32(sp_digit* r, const sp_digit* e, int bits, ASSERT_SAVED_VECTOR_REGISTERS(); + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (33 + 64), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (33 + 64), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) { + err = MEMORY_E; + } } #endif @@ -2196,13 +2248,15 @@ static int sp_2048_mod_exp_2_avx2_32(sp_digit* r, const sp_digit* e, int bits, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_2048_mod_exp_2_32(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[33 + 64]; #endif @@ -2219,11 +2273,17 @@ static int sp_2048_mod_exp_2_32(sp_digit* r, const sp_digit* e, int bits, ASSERT_SAVED_VECTOR_REGISTERS(); + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (33 + 64), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (33 + 64), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) { + err = MEMORY_E; + } } #endif @@ -2733,14 +2793,14 @@ static void sp_3072_mont_norm_24(sp_digit* r, const sp_digit* m) extern sp_digit sp_3072_cond_sub_24(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m); extern void sp_3072_mont_reduce_24(sp_digit* a, const sp_digit* m, sp_digit mp); -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_mul_24(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -2752,9 +2812,9 @@ static void sp_3072_mont_mul_24(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_sqr_24(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -2924,13 +2984,15 @@ static WC_INLINE int sp_3072_mod_24(sp_digit* r, const sp_digit* a, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[(33 * 48) + 48]; #endif @@ -2947,11 +3009,20 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e, ASSERT_SAVED_VECTOR_REGISTERS(); + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (33 * 48) + 48, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (33 * 48) + 48, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) { + err = MEMORY_E; + } } #endif @@ -3095,14 +3166,14 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e, extern void sp_3072_mont_reduce_avx2_24(sp_digit* a, const sp_digit* m, sp_digit mp); #ifdef HAVE_INTEL_AVX2 -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_mul_avx2_24(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -3116,9 +3187,9 @@ static void sp_3072_mont_mul_avx2_24(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_sqr_avx2_24(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -3136,13 +3207,15 @@ static void sp_3072_mont_sqr_avx2_24(sp_digit* r, const sp_digit* a, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_avx2_24(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[(33 * 48) + 48]; #endif @@ -3159,11 +3232,20 @@ static int sp_3072_mod_exp_avx2_24(sp_digit* r, const sp_digit* a, const sp_digi ASSERT_SAVED_VECTOR_REGISTERS(); + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (33 * 48) + 48, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (33 * 48) + 48, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) { + err = MEMORY_E; + } } #endif @@ -3328,14 +3410,14 @@ static void sp_3072_mont_norm_48(sp_digit* r, const sp_digit* m) #endif /* (WOLFSSL_HAVE_SP_RSA & !WOLFSSL_RSA_PUBLIC_ONLY) | WOLFSSL_HAVE_SP_DH */ extern sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m); extern void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, sp_digit mp); -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -3347,9 +3429,9 @@ static void sp_3072_mont_mul_48(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_sqr_48(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -3603,13 +3685,15 @@ static WC_INLINE int sp_3072_mod_48(sp_digit* r, const sp_digit* a, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[(17 * 96) + 96]; #endif @@ -3626,11 +3710,20 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, ASSERT_SAVED_VECTOR_REGISTERS(); + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (17 * 96) + 96, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (17 * 96) + 96, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) { + err = MEMORY_E; + } } #endif @@ -3757,14 +3850,14 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, #endif /* (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) || WOLFSSL_HAVE_SP_DH */ extern void sp_3072_mont_reduce_avx2_48(sp_digit* a, const sp_digit* m, sp_digit mp); #ifdef HAVE_INTEL_AVX2 -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_mul_avx2_48(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -3778,9 +3871,9 @@ static void sp_3072_mont_mul_avx2_48(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_3072_mont_sqr_avx2_48(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -3799,13 +3892,15 @@ static void sp_3072_mont_sqr_avx2_48(sp_digit* r, const sp_digit* a, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_3072_mod_exp_avx2_48(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[(17 * 96) + 96]; #endif @@ -3822,11 +3917,20 @@ static int sp_3072_mod_exp_avx2_48(sp_digit* r, const sp_digit* a, const sp_digi ASSERT_SAVED_VECTOR_REGISTERS(); + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (17 * 96) + 96, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (17 * 96) + 96, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) { + err = MEMORY_E; + } } #endif @@ -4534,13 +4638,15 @@ extern void sp_3072_lshift_48(sp_digit* r, const sp_digit* a, int n); * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_3072_mod_exp_2_avx2_48(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[49 + 96]; #endif @@ -4557,11 +4663,17 @@ static int sp_3072_mod_exp_2_avx2_48(sp_digit* r, const sp_digit* e, int bits, ASSERT_SAVED_VECTOR_REGISTERS(); + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (49 + 96), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (49 + 96), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) { + err = MEMORY_E; + } } #endif @@ -4661,13 +4773,15 @@ static int sp_3072_mod_exp_2_avx2_48(sp_digit* r, const sp_digit* e, int bits, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_3072_mod_exp_2_48(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[49 + 96]; #endif @@ -4684,11 +4798,17 @@ static int sp_3072_mod_exp_2_48(sp_digit* r, const sp_digit* e, int bits, ASSERT_SAVED_VECTOR_REGISTERS(); + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (49 + 96), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (49 + 96), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) { + err = MEMORY_E; + } } #endif @@ -5180,14 +5300,14 @@ static void sp_4096_mont_norm_64(sp_digit* r, const sp_digit* m) #endif /* (WOLFSSL_HAVE_SP_RSA & !WOLFSSL_RSA_PUBLIC_ONLY) | WOLFSSL_HAVE_SP_DH */ extern sp_digit sp_4096_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m); extern void sp_4096_mont_reduce_64(sp_digit* a, const sp_digit* m, sp_digit mp); -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -5199,9 +5319,9 @@ static void sp_4096_mont_mul_64(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_sqr_64(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -5455,13 +5575,15 @@ static WC_INLINE int sp_4096_mod_64(sp_digit* r, const sp_digit* a, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[(17 * 128) + 128]; #endif @@ -5478,11 +5600,20 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, ASSERT_SAVED_VECTOR_REGISTERS(); + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (17 * 128) + 128, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (17 * 128) + 128, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) { + err = MEMORY_E; + } } #endif @@ -5609,14 +5740,14 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, #endif /* (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) || WOLFSSL_HAVE_SP_DH */ extern void sp_4096_mont_reduce_avx2_64(sp_digit* a, const sp_digit* m, sp_digit mp); #ifdef HAVE_INTEL_AVX2 -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_mul_avx2_64(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -5630,9 +5761,9 @@ static void sp_4096_mont_mul_avx2_64(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_4096_mont_sqr_avx2_64(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -5651,13 +5782,15 @@ static void sp_4096_mont_sqr_avx2_64(sp_digit* r, const sp_digit* a, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even or exponent is 0. */ static int sp_4096_mod_exp_avx2_64(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[(17 * 128) + 128]; #endif @@ -5674,11 +5807,20 @@ static int sp_4096_mod_exp_avx2_64(sp_digit* r, const sp_digit* a, const sp_digi ASSERT_SAVED_VECTOR_REGISTERS(); + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + else if (bits == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (17 * 128) + 128, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (17 * 128) + 128, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) { + err = MEMORY_E; + } } #endif @@ -6386,13 +6528,15 @@ extern void sp_4096_lshift_64(sp_digit* r, const sp_digit* a, int n); * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_4096_mod_exp_2_avx2_64(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[65 + 128]; #endif @@ -6409,11 +6553,17 @@ static int sp_4096_mod_exp_2_avx2_64(sp_digit* r, const sp_digit* e, int bits, ASSERT_SAVED_VECTOR_REGISTERS(); + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (65 + 128), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (65 + 128), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) { + err = MEMORY_E; + } } #endif @@ -6513,13 +6663,15 @@ static int sp_4096_mod_exp_2_avx2_64(sp_digit* r, const sp_digit* e, int bits, * e A single precision number that is the exponent. * bits The number of bits in the exponent. * m A single precision number that is the modulus. - * returns 0 on success and MEMORY_E on dynamic memory allocation failure. + * returns 0 on success. + * returns MEMORY_E on dynamic memory allocation failure. + * returns MP_VAL when base is even. */ static int sp_4096_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[65 + 128]; #endif @@ -6536,11 +6688,17 @@ static int sp_4096_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, ASSERT_SAVED_VECTOR_REGISTERS(); + if ((m[0] & 1) == 0) { + err = MP_VAL; + } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (65 + 128), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { - err = MEMORY_E; + if (err == MP_OKAY) { + td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (65 + 128), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (td == NULL) { + err = MEMORY_E; + } } #endif @@ -6767,12 +6925,12 @@ static const sp_digit p256_mod[4] = { 0xffffffffffffffffL,0x00000000ffffffffL,0x0000000000000000L, 0xffffffff00000001L }; -/* The Montogmery normalizer for modulus of the curve P256. */ +/* The Montgomery normalizer for modulus of the curve P256. */ static const sp_digit p256_norm_mod[4] = { 0x0000000000000001L,0xffffffff00000000L,0xffffffffffffffffL, 0x00000000fffffffeL }; -/* The Montogmery multiplier for modulus of the curve P256. */ +/* The Montgomery multiplier for modulus of the curve P256. */ static const sp_digit p256_mp_mod = 0x0000000000000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) @@ -6788,14 +6946,14 @@ static const sp_digit p256_order2[4] = { 0xffffffff00000000L }; #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery normalizer for order of the curve P256. */ +/* The Montgomery normalizer for order of the curve P256. */ static const sp_digit p256_norm_order[4] = { 0x0c46353d039cdaafL,0x4319055258e8617bL,0x0000000000000000L, 0x00000000ffffffffL }; #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery multiplier for order of the curve P256. */ +/* The Montgomery multiplier for order of the curve P256. */ static const sp_digit p256_mp_order = 0xccd1c8aaee00bc4fL; #endif #ifdef WOLFSSL_SP_SMALL @@ -6834,7 +6992,7 @@ extern void sp_256_mul_4(sp_digit* r, const sp_digit* a, const sp_digit* b); extern void sp_256_sqr_4(sp_digit* r, const sp_digit* a); extern sp_digit sp_256_add_4(sp_digit* r, const sp_digit* a, const sp_digit* b); extern sp_digit sp_256_sub_4(sp_digit* r, const sp_digit* a, const sp_digit* b); -/* Multiply a number by Montogmery normalizer mod modulus (prime). +/* Multiply a number by Montgomery normalizer mod modulus (prime). * * r The resulting Montgomery form number. * a The number to convert. @@ -7102,10 +7260,10 @@ extern void sp_256_mont_sqr_4(sp_digit* r, const sp_digit* a, const sp_digit* m, /* Square the Montgomery form number a number of times. (r = a ^ n mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * n Number of times to square. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_256_mont_sqr_n_4(sp_digit* r, const sp_digit* a, int n, const sp_digit* m, sp_digit mp) @@ -8225,10 +8383,10 @@ extern void sp_256_mont_sqr_avx2_4(sp_digit* r, const sp_digit* a, const sp_digi /* Square the Montgomery form number a number of times. (r = a ^ n mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * n Number of times to square. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_256_mont_sqr_n_avx2_4(sp_digit* r, const sp_digit* a, int n, const sp_digit* m, sp_digit mp) @@ -10149,7 +10307,7 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, * km Scalar to multiply by. * p Point to multiply. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -22975,7 +23133,7 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) * * km Scalar to multiply by. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -25338,12 +25496,12 @@ static const sp_digit p384_mod[6] = { 0x00000000ffffffffL,0xffffffff00000000L,0xfffffffffffffffeL, 0xffffffffffffffffL,0xffffffffffffffffL,0xffffffffffffffffL }; -/* The Montogmery normalizer for modulus of the curve P384. */ +/* The Montgomery normalizer for modulus of the curve P384. */ static const sp_digit p384_norm_mod[6] = { 0xffffffff00000001L,0x00000000ffffffffL,0x0000000000000001L, 0x0000000000000000L,0x0000000000000000L,0x0000000000000000L }; -/* The Montogmery multiplier for modulus of the curve P384. */ +/* The Montgomery multiplier for modulus of the curve P384. */ static sp_digit p384_mp_mod = 0x0000000100000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) @@ -25359,14 +25517,14 @@ static const sp_digit p384_order2[6] = { 0xffffffffffffffffL,0xffffffffffffffffL,0xffffffffffffffffL }; #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery normalizer for order of the curve P384. */ +/* The Montgomery normalizer for order of the curve P384. */ static const sp_digit p384_norm_order[6] = { 0x1313e695333ad68dL,0xa7e5f24db74f5885L,0x389cb27e0bc8d220L, 0x0000000000000000L,0x0000000000000000L,0x0000000000000000L }; #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) -/* The Montogmery multiplier for order of the curve P384. */ +/* The Montgomery multiplier for order of the curve P384. */ static sp_digit p384_mp_order = 0x6ed46089e88fdc45L; #endif #ifdef WOLFSSL_SP_SMALL @@ -25408,7 +25566,7 @@ extern void sp_384_mul_6(sp_digit* r, const sp_digit* a, const sp_digit* b); extern void sp_384_sqr_6(sp_digit* r, const sp_digit* a); extern sp_digit sp_384_add_6(sp_digit* r, const sp_digit* a, const sp_digit* b); extern sp_digit sp_384_sub_6(sp_digit* r, const sp_digit* a, const sp_digit* b); -/* Multiply a number by Montogmery normalizer mod modulus (prime). +/* Multiply a number by Montgomery normalizer mod modulus (prime). * * r The resulting Montgomery form number. * a The number to convert. @@ -25715,14 +25873,14 @@ extern void sp_384_cond_copy_6(sp_digit* r, const sp_digit* a, sp_digit m); extern sp_digit sp_384_cond_sub_6(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m); extern void sp_384_mont_reduce_6(sp_digit* a, const sp_digit* m, sp_digit mp); extern void sp_384_mont_reduce_order_6(sp_digit* a, const sp_digit* m, sp_digit mp); -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_mul_6(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -25734,9 +25892,9 @@ static void sp_384_mont_mul_6(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_sqr_6(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -25749,10 +25907,10 @@ static void sp_384_mont_sqr_6(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number a number of times. (r = a ^ n mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * n Number of times to square. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_sqr_n_6(sp_digit* r, const sp_digit* a, int n, const sp_digit* m, sp_digit mp) @@ -25910,8 +26068,8 @@ static void sp_384_map_6(sp_point_384* r, const sp_point_384* p, /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ static void sp_384_mont_add_6(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -25929,7 +26087,7 @@ extern sp_digit sp_384_dbl_6(sp_digit* r, const sp_digit* a); /* Double a Montgomery form number (r = a + a % m). * * r Result of doubling. - * a Number to double in Montogmery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ static void sp_384_mont_dbl_6(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -25945,7 +26103,7 @@ static void sp_384_mont_dbl_6(sp_digit* r, const sp_digit* a, const sp_digit* m) /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of Tripling. - * a Number to triple in Montogmery form. + * a Number to triple in Montgomery form. * m Modulus (prime). */ static void sp_384_mont_tpl_6(sp_digit* r, const sp_digit* a, const sp_digit* m) @@ -25964,8 +26122,8 @@ extern sp_digit sp_384_cond_add_6(sp_digit* r, const sp_digit* a, const sp_digit /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of subtration. - * a Number to subtract from in Montogmery form. - * b Number to subtract with in Montogmery form. + * a Number to subtract from in Montgomery form. + * b Number to subtract with in Montgomery form. * m Modulus (prime). */ static void sp_384_mont_sub_6(sp_digit* r, const sp_digit* a, const sp_digit* b, @@ -26950,14 +27108,14 @@ static int sp_384_ecc_mulmod_win_add_sub_6(sp_point_384* r, const sp_point_384* extern void sp_384_mul_avx2_6(sp_digit* r, const sp_digit* a, const sp_digit* b); #define sp_384_mont_reduce_avx2_6 sp_384_mont_reduce_6 extern void sp_384_mont_reduce_order_avx2_6(sp_digit* a, const sp_digit* m, sp_digit mp); -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_mul_avx2_6(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -26972,9 +27130,9 @@ extern void sp_384_sqr_avx2_6(sp_digit* r, const sp_digit* a); /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_sqr_avx2_6(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -26988,10 +27146,10 @@ static void sp_384_mont_sqr_avx2_6(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number a number of times. (r = a ^ n mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * n Number of times to square. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_384_mont_sqr_n_avx2_6(sp_digit* r, const sp_digit* a, int n, const sp_digit* m, sp_digit mp) @@ -28925,7 +29083,7 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, * km Scalar to multiply by. * p Point to multiply. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -47565,7 +47723,7 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) * * km Scalar to multiply by. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. @@ -49998,7 +50156,7 @@ static const sp_digit p1024_mod[16] = { 0xbe9ae358b3e01a2eL,0x416c0ce19cb48261L,0x65c61198dad0657aL, 0x997abb1f0a563fdaL }; -/* The Montogmery normalizer for modulus of the curve P1024. */ +/* The Montgomery normalizer for modulus of the curve P1024. */ static const sp_digit p1024_norm_mod[16] = { 0x99927f850157a015L,0x7f3a20ef53853178L,0x031c17dc767a824fL, 0x606b2950a968e0e0L,0x5830c3ade3c3f655L,0x49500b57ce7ad57dL, @@ -50007,7 +50165,7 @@ static const sp_digit p1024_norm_mod[16] = { 0x41651ca74c1fe5d1L,0xbe93f31e634b7d9eL,0x9a39ee67252f9a85L, 0x668544e0f5a9c025L }; -/* The Montogmery multiplier for modulus of the curve P1024. */ +/* The Montgomery multiplier for modulus of the curve P1024. */ static sp_digit p1024_mp_mod = 0x290420077c8f2f3d; #if defined(WOLFSSL_SP_SMALL) || defined(HAVE_ECC_CHECK_KEY) /* The order of the curve P1024. */ @@ -50222,7 +50380,7 @@ static WC_INLINE int sp_1024_mod_16(sp_digit* r, const sp_digit* a, return sp_1024_div_16(a, m, NULL, r); } -/* Multiply a number by Montogmery normalizer mod modulus (prime). +/* Multiply a number by Montgomery normalizer mod modulus (prime). * * r The resulting Montgomery form number. * a The number to convert. @@ -50236,7 +50394,7 @@ static int sp_1024_mod_mul_norm_16(sp_digit* r, const sp_digit* a, const sp_digi } #ifdef HAVE_INTEL_AVX2 -/* Multiply a number by Montogmery normalizer mod modulus (prime). +/* Multiply a number by Montgomery normalizer mod modulus (prime). * * r The resulting Montgomery form number. * a The number to convert. @@ -50505,14 +50663,14 @@ static int sp_1024_point_to_ecc_point_16(const sp_point_1024* p, ecc_point* pm) extern void sp_1024_cond_copy_16(sp_digit* r, const sp_digit* a, sp_digit m); extern void sp_1024_mont_reduce_16(sp_digit* a, const sp_digit* m, sp_digit mp); -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_1024_mont_mul_16(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -50524,9 +50682,9 @@ static void sp_1024_mont_mul_16(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_1024_mont_sqr_16(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -51629,14 +51787,14 @@ static int sp_1024_ecc_mulmod_win_add_sub_16(sp_point_1024* r, const sp_point_10 #ifdef HAVE_INTEL_AVX2 #ifdef HAVE_INTEL_AVX2 extern void sp_1024_mont_reduce_avx2_16(sp_digit* a, const sp_digit* m, sp_digit mp); -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_1024_mont_mul_avx2_16(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) @@ -51650,9 +51808,9 @@ static void sp_1024_mont_mul_avx2_16(sp_digit* r, const sp_digit* a, /* Square the Montgomery form number. (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ static void sp_1024_mont_sqr_avx2_16(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) @@ -56933,7 +57091,7 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) * * km Scalar to multiply by. * am Point to add to scalar mulitply result. - * inMont Point to add is in montogmery form. + * inMont Point to add is in montgomery form. * r Resulting point. * map Indicates whether to convert result to affine. * heap Heap to use for allocation. diff --git a/wolfcrypt/src/sp_x86_64_asm.S b/wolfcrypt/src/sp_x86_64_asm.S index 6b3dfa5c0..53186fcd5 100644 --- a/wolfcrypt/src/sp_x86_64_asm.S +++ b/wolfcrypt/src/sp_x86_64_asm.S @@ -39026,14 +39026,14 @@ _sp_256_cond_copy_4: #ifndef __APPLE__ .size sp_256_cond_copy_4,.-sp_256_cond_copy_4 #endif /* __APPLE__ */ -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ #ifndef __APPLE__ .text @@ -39234,9 +39234,9 @@ _sp_256_mont_mul_4: /* Square the Montgomery form number mod the modulus (prime). (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ #ifndef __APPLE__ .text @@ -39637,8 +39637,8 @@ L_mont_loop_4: /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ #ifndef __APPLE__ @@ -39689,7 +39689,7 @@ _sp_256_mont_add_4: /* Double a Montgomery form number (r = a + a % m). * * r Result of doubling. - * a Number to double in Montogmery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ #ifndef __APPLE__ @@ -39740,7 +39740,7 @@ _sp_256_mont_dbl_4: /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of Tripling. - * a Number to triple in Montogmery form. + * a Number to triple in Montgomery form. * m Modulus (prime). */ #ifndef __APPLE__ @@ -39812,8 +39812,8 @@ _sp_256_mont_tpl_4: /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of subtration. - * a Number to subtract from in Montogmery form. - * b Number to subtract with in Montogmery form. + * a Number to subtract from in Montgomery form. + * b Number to subtract with in Montgomery form. * m Modulus (prime). */ #ifndef __APPLE__ @@ -40033,14 +40033,14 @@ L_256_get_point_33_avx2_4_start: #endif /* HAVE_INTEL_AVX2 */ #endif /* !WC_NO_CACHE_RESISTANT */ #ifdef HAVE_INTEL_AVX2 -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ #ifndef __APPLE__ .text @@ -40223,9 +40223,9 @@ _sp_256_mont_mul_avx2_4: /* Square the Montgomery form number mod the modulus (prime). (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. * m Modulus (prime). - * mp Montogmery mulitplier. + * mp Montgomery mulitplier. */ #ifndef __APPLE__ .text @@ -41424,12 +41424,12 @@ _div_256_word_asm_4: #endif /* __APPLE__ */ #endif /* _WIN64 */ #ifdef HAVE_INTEL_AVX2 -/* Multiply two Montogmery form numbers mod the modulus (prime). +/* Multiply two Montgomery form numbers mod the modulus (prime). * (r = a * b mod m) * * r Result of multiplication. - * a First number to multiply in Montogmery form. - * b Second number to multiply in Montogmery form. + * a First number to multiply in Montgomery form. + * b Second number to multiply in Montgomery form. */ #ifndef __APPLE__ .text @@ -41658,7 +41658,7 @@ _sp_256_mont_mul_order_avx2_4: /* Square the Montgomery form number mod the modulus (prime). (r = a * a mod m) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. */ #ifndef __APPLE__ .text @@ -44409,7 +44409,7 @@ L_mont_loop_order_avx2_6: /* Square a and put result in r. (r = a * a) * * r Result of squaring. - * a Number to square in Montogmery form. + * a Number to square in Montgomery form. */ #ifndef __APPLE__ .text @@ -52230,8 +52230,8 @@ L_1024_mont_loop_16: /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ #ifndef __APPLE__ @@ -52405,7 +52405,7 @@ _sp_1024_mont_add_16: /* Double a Montgomery form number (r = a + a % m). * * r Result of addition. - * a Number to souble in Montogmery form. + * a Number to souble in Montgomery form. * m Modulus (prime). */ #ifndef __APPLE__ @@ -52579,7 +52579,7 @@ _sp_1024_mont_dbl_16: /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of addition. - * a Number to souble in Montogmery form. + * a Number to souble in Montgomery form. * m Modulus (prime). */ #ifndef __APPLE__ @@ -52903,8 +52903,8 @@ _sp_1024_mont_tpl_16: /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ #ifndef __APPLE__ @@ -53646,8 +53646,8 @@ L_1024_mont_loop_avx2_16: /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ #ifndef __APPLE__ @@ -53805,7 +53805,7 @@ _sp_1024_mont_add_avx2_16: /* Double a Montgomery form number (r = a + a % m). * * r Result of addition. - * a Number to souble in Montogmery form. + * a Number to souble in Montgomery form. * m Modulus (prime). */ #ifndef __APPLE__ @@ -53963,7 +53963,7 @@ _sp_1024_mont_dbl_avx2_16: /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of addition. - * a Number to souble in Montogmery form. + * a Number to souble in Montgomery form. * m Modulus (prime). */ #ifndef __APPLE__ @@ -54255,8 +54255,8 @@ _sp_1024_mont_tpl_avx2_16: /* Subtract two Montgomery form numbers (r = a - b % m). * * r Result of addition. - * a First number to add in Montogmery form. - * b Second number to add in Montogmery form. + * a First number to add in Montgomery form. + * b Second number to add in Montgomery form. * m Modulus (prime). */ #ifndef __APPLE__ diff --git a/wolfcrypt/src/sp_x86_64_asm.asm b/wolfcrypt/src/sp_x86_64_asm.asm index b4574864e..b1d2aba50 100644 --- a/wolfcrypt/src/sp_x86_64_asm.asm +++ b/wolfcrypt/src/sp_x86_64_asm.asm @@ -37856,14 +37856,14 @@ sp_256_cond_copy_4 PROC ret sp_256_cond_copy_4 ENDP _text ENDS -; /* Multiply two Montogmery form numbers mod the modulus (prime). +; /* Multiply two Montgomery form numbers mod the modulus (prime). ; * (r = a * b mod m) ; * ; * r Result of multiplication. -; * a First number to multiply in Montogmery form. -; * b Second number to multiply in Montogmery form. +; * a First number to multiply in Montgomery form. +; * b Second number to multiply in Montgomery form. ; * m Modulus (prime). -; * mp Montogmery mulitplier. +; * mp Montgomery mulitplier. ; */ _text SEGMENT READONLY PARA sp_256_mont_mul_4 PROC @@ -38057,9 +38057,9 @@ _text ENDS ; /* Square the Montgomery form number mod the modulus (prime). (r = a * a mod m) ; * ; * r Result of squaring. -; * a Number to square in Montogmery form. +; * a Number to square in Montgomery form. ; * m Modulus (prime). -; * mp Montogmery mulitplier. +; * mp Montgomery mulitplier. ; */ _text SEGMENT READONLY PARA sp_256_mont_sqr_4 PROC @@ -38431,8 +38431,8 @@ _text ENDS ; /* Add two Montgomery form numbers (r = a + b % m). ; * ; * r Result of addition. -; * a First number to add in Montogmery form. -; * b Second number to add in Montogmery form. +; * a First number to add in Montgomery form. +; * b Second number to add in Montgomery form. ; * m Modulus (prime). ; */ _text SEGMENT READONLY PARA @@ -38476,7 +38476,7 @@ _text ENDS ; /* Double a Montgomery form number (r = a + a % m). ; * ; * r Result of doubling. -; * a Number to double in Montogmery form. +; * a Number to double in Montgomery form. ; * m Modulus (prime). ; */ _text SEGMENT READONLY PARA @@ -38520,7 +38520,7 @@ _text ENDS ; /* Triple a Montgomery form number (r = a + a + a % m). ; * ; * r Result of Tripling. -; * a Number to triple in Montogmery form. +; * a Number to triple in Montgomery form. ; * m Modulus (prime). ; */ _text SEGMENT READONLY PARA @@ -38585,8 +38585,8 @@ _text ENDS ; /* Subtract two Montgomery form numbers (r = a - b % m). ; * ; * r Result of subtration. -; * a Number to subtract from in Montogmery form. -; * b Number to subtract with in Montogmery form. +; * a Number to subtract from in Montgomery form. +; * b Number to subtract with in Montgomery form. ; * m Modulus (prime). ; */ _text SEGMENT READONLY PARA @@ -38770,14 +38770,14 @@ _text ENDS ENDIF ENDIF IFDEF HAVE_INTEL_AVX2 -; /* Multiply two Montogmery form numbers mod the modulus (prime). +; /* Multiply two Montgomery form numbers mod the modulus (prime). ; * (r = a * b mod m) ; * ; * r Result of multiplication. -; * a First number to multiply in Montogmery form. -; * b Second number to multiply in Montogmery form. +; * a First number to multiply in Montgomery form. +; * b Second number to multiply in Montgomery form. ; * m Modulus (prime). -; * mp Montogmery mulitplier. +; * mp Montgomery mulitplier. ; */ _text SEGMENT READONLY PARA sp_256_mont_mul_avx2_4 PROC @@ -38954,9 +38954,9 @@ IFDEF HAVE_INTEL_AVX2 ; /* Square the Montgomery form number mod the modulus (prime). (r = a * a mod m) ; * ; * r Result of squaring. -; * a Number to square in Montogmery form. +; * a Number to square in Montgomery form. ; * m Modulus (prime). -; * mp Montogmery mulitplier. +; * mp Montgomery mulitplier. ; */ _text SEGMENT READONLY PARA sp_256_mont_sqr_avx2_4 PROC @@ -39995,12 +39995,12 @@ div_256_word_asm_4 ENDP _text ENDS ENDIF IFDEF HAVE_INTEL_AVX2 -; /* Multiply two Montogmery form numbers mod the modulus (prime). +; /* Multiply two Montgomery form numbers mod the modulus (prime). ; * (r = a * b mod m) ; * ; * r Result of multiplication. -; * a First number to multiply in Montogmery form. -; * b Second number to multiply in Montogmery form. +; * a First number to multiply in Montgomery form. +; * b Second number to multiply in Montgomery form. ; */ _text SEGMENT READONLY PARA sp_256_mont_mul_order_avx2_4 PROC @@ -40223,7 +40223,7 @@ IFDEF HAVE_INTEL_AVX2 ; /* Square the Montgomery form number mod the modulus (prime). (r = a * a mod m) ; * ; * r Result of squaring. -; * a Number to square in Montogmery form. +; * a Number to square in Montgomery form. ; */ _text SEGMENT READONLY PARA sp_256_mont_sqr_order_avx2_4 PROC @@ -42789,7 +42789,7 @@ IFDEF HAVE_INTEL_AVX2 ; /* Square a and put result in r. (r = a * a) ; * ; * r Result of squaring. -; * a Number to square in Montogmery form. +; * a Number to square in Montgomery form. ; */ _text SEGMENT READONLY PARA sp_384_sqr_avx2_6 PROC @@ -50309,8 +50309,8 @@ _text ENDS ; /* Add two Montgomery form numbers (r = a + b % m). ; * ; * r Result of addition. -; * a First number to add in Montogmery form. -; * b Second number to add in Montogmery form. +; * a First number to add in Montgomery form. +; * b Second number to add in Montgomery form. ; * m Modulus (prime). ; */ _text SEGMENT READONLY PARA @@ -50477,7 +50477,7 @@ _text ENDS ; /* Double a Montgomery form number (r = a + a % m). ; * ; * r Result of addition. -; * a Number to souble in Montogmery form. +; * a Number to souble in Montgomery form. ; * m Modulus (prime). ; */ _text SEGMENT READONLY PARA @@ -50642,7 +50642,7 @@ _text ENDS ; /* Triple a Montgomery form number (r = a + a + a % m). ; * ; * r Result of addition. -; * a Number to souble in Montogmery form. +; * a Number to souble in Montgomery form. ; * m Modulus (prime). ; */ _text SEGMENT READONLY PARA @@ -50957,8 +50957,8 @@ _text ENDS ; /* Subtract two Montgomery form numbers (r = a - b % m). ; * ; * r Result of addition. -; * a First number to add in Montogmery form. -; * b Second number to add in Montogmery form. +; * a First number to add in Montgomery form. +; * b Second number to add in Montgomery form. ; * m Modulus (prime). ; */ _text SEGMENT READONLY PARA @@ -51669,8 +51669,8 @@ IFDEF HAVE_INTEL_AVX2 ; /* Add two Montgomery form numbers (r = a + b % m). ; * ; * r Result of addition. -; * a First number to add in Montogmery form. -; * b Second number to add in Montogmery form. +; * a First number to add in Montgomery form. +; * b Second number to add in Montgomery form. ; * m Modulus (prime). ; */ _text SEGMENT READONLY PARA @@ -51821,7 +51821,7 @@ IFDEF HAVE_INTEL_AVX2 ; /* Double a Montgomery form number (r = a + a % m). ; * ; * r Result of addition. -; * a Number to souble in Montogmery form. +; * a Number to souble in Montgomery form. ; * m Modulus (prime). ; */ _text SEGMENT READONLY PARA @@ -51970,7 +51970,7 @@ IFDEF HAVE_INTEL_AVX2 ; /* Triple a Montgomery form number (r = a + a + a % m). ; * ; * r Result of addition. -; * a Number to souble in Montogmery form. +; * a Number to souble in Montgomery form. ; * m Modulus (prime). ; */ _text SEGMENT READONLY PARA @@ -52253,8 +52253,8 @@ IFDEF HAVE_INTEL_AVX2 ; /* Subtract two Montgomery form numbers (r = a - b % m). ; * ; * r Result of addition. -; * a First number to add in Montogmery form. -; * b Second number to add in Montogmery form. +; * a First number to add in Montgomery form. +; * b Second number to add in Montgomery form. ; * m Modulus (prime). ; */ _text SEGMENT READONLY PARA