From 02e51953fd00ff5194aa94ec2a43df766b8244b9 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 19 Sep 2022 09:26:47 +1000 Subject: [PATCH 1/2] SP int: mp_init_size fixes when SP_WORD_SIZE == 8 Setting an integer may have a value larger than one word being set. Check size of SP int in this case. --- wolfcrypt/src/sp_int.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index 40ad95104..752f37cb3 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c @@ -5181,10 +5181,13 @@ int sp_set_int(sp_int* a, unsigned long n) else { int i; - for (i = 0; n > 0; i++,n >>= SP_WORD_SIZE) { + for (i = 0; (i < a->size) && (n > 0); i++,n >>= SP_WORD_SIZE) { a->dp[i] = (sp_int_digit)n; } a->used = i; + if ((i == a->size) && (n != 0)) { + err = MP_VAL; + } } #endif #ifdef WOLFSSL_SP_INT_NEGATIVE From e7dba670d67b8d151418d865746ec3acc826b372 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 19 Sep 2022 10:04:30 +1000 Subject: [PATCH 2/2] SP int: mp_init_size fix for sp_mont_norm sp_mont_norm should check wrong parameter when determining whether the calculation values will fit. --- wolfcrypt/src/sp_int.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index 752f37cb3..bc0578fbb 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c @@ -15076,7 +15076,7 @@ int sp_mont_norm(sp_int* norm, sp_int* m) } if (err == MP_OKAY) { bits = sp_count_bits(m); - if (bits == m->size * SP_WORD_SIZE) { + if (bits >= norm->size * SP_WORD_SIZE) { err = MP_VAL; } }