additional checks on fp montgomery return value

This commit is contained in:
Jacob Barthelmeh
2021-11-03 11:40:14 -06:00
parent d24bfb6bf7
commit 7ca95bfaca


@ -1420,7 +1420,7 @@ top:
/* modulus (b) must be greater than 2 and a prime */ /* modulus (b) must be greater than 2 and a prime */
int fp_invmod_mont_ct(fp_int *a, fp_int *b, fp_int *c, fp_digit mp) int fp_invmod_mont_ct(fp_int *a, fp_int *b, fp_int *c, fp_digit mp)
{ {
int i, j; int i, j, err = FP_OKAY;
#ifndef WOLFSSL_SMALL_STACK #ifndef WOLFSSL_SMALL_STACK
fp_int t[1], e[1]; fp_int t[1], e[1];
fp_int pre[CT_INV_MOD_PRE_CNT]; fp_int pre[CT_INV_MOD_PRE_CNT];
@ -1450,10 +1450,10 @@ int fp_invmod_mont_ct(fp_int *a, fp_int *b, fp_int *c, fp_digit mp)
fp_copy(a, &pre[0]); fp_copy(a, &pre[0]);
for (i = 1; i < CT_INV_MOD_PRE_CNT; i++) { for (i = 1; i < CT_INV_MOD_PRE_CNT; i++) {
fp_init(&pre[i]); fp_init(&pre[i]);
fp_sqr(&pre[i-1], &pre[i]); err |= fp_sqr(&pre[i-1], &pre[i]);
fp_montgomery_reduce(&pre[i], b, mp); err |= fp_montgomery_reduce(&pre[i], b, mp);
fp_mul(&pre[i], a, &pre[i]); err |= fp_mul(&pre[i], a, &pre[i]);
fp_montgomery_reduce(&pre[i], b, mp); err |= fp_montgomery_reduce(&pre[i], b, mp);
} }
fp_sub_d(b, 2, e); fp_sub_d(b, 2, e);
@ -1470,25 +1470,26 @@ int fp_invmod_mont_ct(fp_int *a, fp_int *b, fp_int *c, fp_digit mp)
int set = fp_is_bit_set(e, i); int set = fp_is_bit_set(e, i);
if ((j == CT_INV_MOD_PRE_CNT) || (!set && j > 0)) { if ((j == CT_INV_MOD_PRE_CNT) || (!set && j > 0)) {
fp_mul(t, &pre[j-1], t); err |= fp_mul(t, &pre[j-1], t);
fp_montgomery_reduce(t, b, mp); err |= fp_montgomery_reduce(t, b, mp);
j = 0; j = 0;
} }
fp_sqr(t, t); err |= fp_sqr(t, t);
fp_montgomery_reduce(t, b, mp); err |= fp_montgomery_reduce(t, b, mp);
j += set; j += set;
} }
if (j > 0) { if (j > 0) {
fp_mul(t, &pre[j-1], c); err |= fp_mul(t, &pre[j-1], c);
fp_montgomery_reduce(c, b, mp); err |= fp_montgomery_reduce(c, b, mp);
} }
else else
fp_copy(t, c); fp_copy(t, c);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
#endif #endif
return FP_OKAY;
return err;
} }
/* d = a * b (mod c) */ /* d = a * b (mod c) */
@ -1876,7 +1877,11 @@ int fp_exptmod_nb(exptModNb_t* nb, fp_int* G, fp_int* X, fp_int* P, fp_int* Y)
break; break;
case TFM_EXPTMOD_NB_MUL_RED: case TFM_EXPTMOD_NB_MUL_RED:
fp_montgomery_reduce(&nb->R[nb->y^1], P, nb->mp); err = fp_montgomery_reduce(&nb->R[nb->y^1], P, nb->mp);
if (err != FP_OKAY) {
nb->state = TFM_EXPTMOD_NB_INIT;
return err;
}
nb->state = TFM_EXPTMOD_NB_SQR; nb->state = TFM_EXPTMOD_NB_SQR;
break; break;
@ -1899,20 +1904,28 @@ int fp_exptmod_nb(exptModNb_t* nb, fp_int* G, fp_int* X, fp_int* P, fp_int* Y)
case TFM_EXPTMOD_NB_SQR_RED: case TFM_EXPTMOD_NB_SQR_RED:
#ifdef WC_NO_CACHE_RESISTANT #ifdef WC_NO_CACHE_RESISTANT
fp_montgomery_reduce(&nb->R[nb->y], P, nb->mp); err = fp_montgomery_reduce(&nb->R[nb->y], P, nb->mp);
#else #else
fp_montgomery_reduce(&nb->R[2], P, nb->mp); err = fp_montgomery_reduce(&nb->R[2], P, nb->mp);
fp_copy(&nb->R[2], fp_copy(&nb->R[2],
(fp_int*) ( ((wc_ptr_t)&nb->R[0] & wc_off_on_addr[nb->y^1]) + (fp_int*) ( ((wc_ptr_t)&nb->R[0] & wc_off_on_addr[nb->y^1]) +
((wc_ptr_t)&nb->R[1] & wc_off_on_addr[nb->y]) ) ); ((wc_ptr_t)&nb->R[1] & wc_off_on_addr[nb->y]) ) );
#endif /* WC_NO_CACHE_RESISTANT */ #endif /* WC_NO_CACHE_RESISTANT */
if (err != FP_OKAY) {
nb->state = TFM_EXPTMOD_NB_INIT;
return err;
}
nb->state = TFM_EXPTMOD_NB_NEXT; nb->state = TFM_EXPTMOD_NB_NEXT;
break; break;
case TFM_EXPTMOD_NB_RED: case TFM_EXPTMOD_NB_RED:
/* final reduce */ /* final reduce */
fp_montgomery_reduce(&nb->R[0], P, nb->mp); err = fp_montgomery_reduce(&nb->R[0], P, nb->mp);
if (err != FP_OKAY) {
nb->state = TFM_EXPTMOD_NB_INIT;
return err;
}
fp_copy(&nb->R[0], Y); fp_copy(&nb->R[0], Y);
nb->state = TFM_EXPTMOD_NB_INIT; nb->state = TFM_EXPTMOD_NB_INIT;
@ -2272,7 +2285,7 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
#endif #endif
return err; return err;
} }
fp_montgomery_reduce_ex(res, P, mp, 0); err = fp_montgomery_reduce_ex(res, P, mp, 0);
if (err != FP_OKAY) { if (err != FP_OKAY) {
#ifndef WOLFSSL_NO_MALLOC #ifndef WOLFSSL_NO_MALLOC
XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); XFREE(M, NULL, DYNAMIC_TYPE_BIGINT);
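Review bot: In fp_invmod_mont_ct the status codes are accumulated with `err |=` in both the pre-computation loop and the square-and-multiply loop (the first three hunks), so when two calls fail for different reasons the returned value is the bitwise OR of two FP_* codes, which with the negative codes tfm.h defines is not necessarily any single defined code (anything OR'd with FP_VAL collapses to FP_VAL) and cannot be distinguished by a caller. The accumulation itself is a sensible choice because it keeps the loop free of data-dependent early exits, but that contract should be written down so nobody switches on the value: `/* err accumulates every failure without branching; callers must treat it only as FP_OKAY vs. not FP_OKAY */` above the first loop. If fp_sub_d also reports a status, the call `fp_sub_d(b, 2, e);` in the second hunk is still unchecked and should be folded in the same way. Both loops and the rest of fp_invmod_mont_ct's body continue outside the hunks shown.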