additional checks on fp montgomery return value

This commit is contained in:
Jacob Barthelmeh
2021-11-03 11:40:14 -06:00
parent d24bfb6bf7
commit 7ca95bfaca


@ -1420,7 +1420,7 @@ top:
/* modulus (b) must be greater than 2 and a prime */
int fp_invmod_mont_ct(fp_int *a, fp_int *b, fp_int *c, fp_digit mp)
{
int i, j;
int i, j, err = FP_OKAY;
#ifndef WOLFSSL_SMALL_STACK
fp_int t[1], e[1];
fp_int pre[CT_INV_MOD_PRE_CNT];
@ -1450,10 +1450,10 @@ int fp_invmod_mont_ct(fp_int *a, fp_int *b, fp_int *c, fp_digit mp)
fp_copy(a, &pre[0]);
for (i = 1; i < CT_INV_MOD_PRE_CNT; i++) {
fp_init(&pre[i]);
fp_sqr(&pre[i-1], &pre[i]);
fp_montgomery_reduce(&pre[i], b, mp);
fp_mul(&pre[i], a, &pre[i]);
fp_montgomery_reduce(&pre[i], b, mp);
err |= fp_sqr(&pre[i-1], &pre[i]);
err |= fp_montgomery_reduce(&pre[i], b, mp);
err |= fp_mul(&pre[i], a, &pre[i]);
err |= fp_montgomery_reduce(&pre[i], b, mp);
}
fp_sub_d(b, 2, e);
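Review bot: The `err |= fp_sqr(&pre[i-1], &pre[i]);` line and the three `err |=` lines after it keep the precomputation loop running after a failure and fold the error codes together, so a failed square or reduce is fed into the next iteration's operands and, if the fp error codes are distinct negative values, OR-ing two of them collapses to -1 and the caller sees a different code than the one actually raised. The same accumulation pattern is used in the next hunk for the `err |= fp_mul(t, &pre[j-1], t);` / `err |= fp_sqr(t, t);` / `err |= fp_mul(t, &pre[j-1], c);` pairs before `return err;`. Assigning each result and leaving the loop on the first non-FP_OKAY value keeps the first error intact and stops work on values of unknown validity; the code after the loop (`fp_sub_d(b, 2, e)` onward) would then need to skip to the function's cleanup when `err` is set, which lies outside this hunk. fp_invmod_mont_ct begins and ends outside this hunk.
```c
    for (i = 1; i < CT_INV_MOD_PRE_CNT; i++) {
        fp_init(&pre[i]);
        err = fp_sqr(&pre[i-1], &pre[i]);
        if (err == FP_OKAY)
            err = fp_montgomery_reduce(&pre[i], b, mp);
        if (err == FP_OKAY)
            err = fp_mul(&pre[i], a, &pre[i]);
        if (err == FP_OKAY)
            err = fp_montgomery_reduce(&pre[i], b, mp);
        if (err != FP_OKAY)
            break; /* first failure wins; do not keep squaring bad values */
    }
    /* … unchanged: fp_sub_d(b, 2, e) and the exponent loop … */
```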
@ -1470,25 +1470,26 @@ int fp_invmod_mont_ct(fp_int *a, fp_int *b, fp_int *c, fp_digit mp)
int set = fp_is_bit_set(e, i);
if ((j == CT_INV_MOD_PRE_CNT) || (!set && j > 0)) {
fp_mul(t, &pre[j-1], t);
fp_montgomery_reduce(t, b, mp);
err |= fp_mul(t, &pre[j-1], t);
err |= fp_montgomery_reduce(t, b, mp);
j = 0;
}
fp_sqr(t, t);
fp_montgomery_reduce(t, b, mp);
err |= fp_sqr(t, t);
err |= fp_montgomery_reduce(t, b, mp);
j += set;
}
if (j > 0) {
fp_mul(t, &pre[j-1], c);
fp_montgomery_reduce(c, b, mp);
err |= fp_mul(t, &pre[j-1], c);
err |= fp_montgomery_reduce(c, b, mp);
}
else
else
fp_copy(t, c);
#ifdef WOLFSSL_SMALL_STACK
XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
#endif
return FP_OKAY;
return err;
}
/* d = a * b (mod c) */
@ -1876,7 +1877,11 @@ int fp_exptmod_nb(exptModNb_t* nb, fp_int* G, fp_int* X, fp_int* P, fp_int* Y)
break;
case TFM_EXPTMOD_NB_MUL_RED:
fp_montgomery_reduce(&nb->R[nb->y^1], P, nb->mp);
err = fp_montgomery_reduce(&nb->R[nb->y^1], P, nb->mp);
if (err != FP_OKAY) {
nb->state = TFM_EXPTMOD_NB_INIT;
return err;
}
nb->state = TFM_EXPTMOD_NB_SQR;
break;
@ -1899,20 +1904,28 @@ int fp_exptmod_nb(exptModNb_t* nb, fp_int* G, fp_int* X, fp_int* P, fp_int* Y)
case TFM_EXPTMOD_NB_SQR_RED:
#ifdef WC_NO_CACHE_RESISTANT
fp_montgomery_reduce(&nb->R[nb->y], P, nb->mp);
err = fp_montgomery_reduce(&nb->R[nb->y], P, nb->mp);
#else
fp_montgomery_reduce(&nb->R[2], P, nb->mp);
err = fp_montgomery_reduce(&nb->R[2], P, nb->mp);
fp_copy(&nb->R[2],
(fp_int*) ( ((wc_ptr_t)&nb->R[0] & wc_off_on_addr[nb->y^1]) +
((wc_ptr_t)&nb->R[1] & wc_off_on_addr[nb->y]) ) );
#endif /* WC_NO_CACHE_RESISTANT */
if (err != FP_OKAY) {
nb->state = TFM_EXPTMOD_NB_INIT;
return err;
}
nb->state = TFM_EXPTMOD_NB_NEXT;
break;
case TFM_EXPTMOD_NB_RED:
/* final reduce */
fp_montgomery_reduce(&nb->R[0], P, nb->mp);
err = fp_montgomery_reduce(&nb->R[0], P, nb->mp);
if (err != FP_OKAY) {
nb->state = TFM_EXPTMOD_NB_INIT;
return err;
}
fp_copy(&nb->R[0], Y);
nb->state = TFM_EXPTMOD_NB_INIT;
@ -2272,7 +2285,7 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
#endif
return err;
}
fp_montgomery_reduce_ex(res, P, mp, 0);
err = fp_montgomery_reduce_ex(res, P, mp, 0);
if (err != FP_OKAY) {
#ifndef WOLFSSL_NO_MALLOC
XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);