Fix issues with newly added check when using fast/integer math.

Simplify logic by using single macro for ECC & RSA.
This commit is contained in:
Kareem
2026-05-27 16:24:47 -07:00
parent d942fe47d5
commit 903fd97dbe
5 changed files with 35 additions and 32 deletions
+12 -20
View File
@@ -327,14 +327,6 @@ ECC Curve Sizes:
#define MAX_ECC_BITS_USE MAX_ECC_BITS_NEEDED
#endif
#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
#define ECC_DECL_MP_OVER_MAX(bits) \
(MP_BITS_CNT(bits) > MP_BITS_CNT(MAX_ECC_BITS_USE))
#else
#define ECC_DECL_MP_OVER_MAX(bits) \
((bits) > MAX_ECC_BITS_USE)
#endif
#if !defined(WOLFSSL_CUSTOM_CURVES) && (ECC_MIN_KEY_SZ > 160) && \
(!defined(HAVE_ECC_KOBLITZ) || (ECC_MIN_KEY_SZ > 224))
@@ -2020,7 +2012,7 @@ static int _ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R,
mp_int *x, *y, *z;
int err;
if (ECC_DECL_MP_OVER_MAX(mp_bitsused(modulus))) {
if (MP_BITS_OVER_MAX(mp_bitsused(modulus), MAX_ECC_BITS_USE)) {
return WC_KEY_SIZE_E;
}
@@ -2424,7 +2416,7 @@ static int _ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* a,
mp_int *x, *y, *z;
int err;
if (ECC_DECL_MP_OVER_MAX(mp_bitsused(modulus))) {
if (MP_BITS_OVER_MAX(mp_bitsused(modulus), MAX_ECC_BITS_USE)) {
return WC_KEY_SIZE_E;
}
@@ -2778,7 +2770,7 @@ int ecc_map_ex(ecc_point* P, mp_int* modulus, mp_digit mp, int ct)
#endif
mp_int *x, *y, *z;
if (ECC_DECL_MP_OVER_MAX(mp_bitsused(modulus))) {
if (MP_BITS_OVER_MAX(mp_bitsused(modulus), MAX_ECC_BITS_USE)) {
return WC_KEY_SIZE_E;
}
@@ -3603,7 +3595,7 @@ static int ecc_point_to_mont(ecc_point* p, ecc_point* r, mp_int* modulus,
DECL_MP_INT_SIZE_DYN(mu, mp_bitsused(modulus), MAX_ECC_BITS_USE);
if (ECC_DECL_MP_OVER_MAX(mp_bitsused(modulus))) {
if (MP_BITS_OVER_MAX(mp_bitsused(modulus), MAX_ECC_BITS_USE)) {
return WC_KEY_SIZE_E;
}
@@ -3911,8 +3903,8 @@ static int ecc_check_order_minus_1(const mp_int* k, ecc_point* tG, ecc_point* R,
int err;
DECL_MP_INT_SIZE_DYN(t, mp_bitsused(order), MAX_ECC_BITS_USE);
if (ECC_DECL_MP_OVER_MAX(mp_bitsused(order)) ||
ECC_DECL_MP_OVER_MAX(mp_bitsused(modulus))) {
if (MP_BITS_OVER_MAX(mp_bitsused(order), MAX_ECC_BITS_USE) ||
MP_BITS_OVER_MAX(mp_bitsused(modulus), MAX_ECC_BITS_USE)) {
return WC_KEY_SIZE_E;
}
@@ -6866,7 +6858,7 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
word32 keySz;
#endif
if (ECC_DECL_MP_OVER_MAX(ECC_KEY_MAX_BITS(key))) {
if (MP_BITS_OVER_MAX(ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE)) {
return WC_KEY_SIZE_E;
}
@@ -7071,7 +7063,7 @@ static int ecc_sign_hash_sw(ecc_key* key, ecc_key* pubkey, WC_RNG* rng,
DECL_MP_INT_SIZE_DYN(b, ECC_KEY_MAX_BITS_NONULLCHECK(key), MAX_ECC_BITS_USE);
if (ECC_DECL_MP_OVER_MAX(ECC_KEY_MAX_BITS_NONULLCHECK(key))) {
if (MP_BITS_OVER_MAX(ECC_KEY_MAX_BITS_NONULLCHECK(key), MAX_ECC_BITS_USE)) {
return WC_KEY_SIZE_E;
}
@@ -7402,7 +7394,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
#else
DECLARE_CURVE_SPECS(1);
#endif
if (ECC_DECL_MP_OVER_MAX(ECC_KEY_MAX_BITS(key))) {
if (MP_BITS_OVER_MAX(ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE)) {
return WC_KEY_SIZE_E;
}
#endif /* !WOLFSSL_SP_MATH */
@@ -8325,7 +8317,7 @@ static int ecc_mont_norm_points(ecc_point* A, ecc_point* Am, ecc_point* B,
DECL_MP_INT_SIZE_DYN(mu, mp_bitsused(modulus), MAX_ECC_BITS_USE);
if (ECC_DECL_MP_OVER_MAX(mp_bitsused(modulus))) {
if (MP_BITS_OVER_MAX(mp_bitsused(modulus), MAX_ECC_BITS_USE)) {
return WC_KEY_SIZE_E;
}
@@ -8715,7 +8707,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
word32 keySz;
#endif
if (ECC_DECL_MP_OVER_MAX(ECC_KEY_MAX_BITS(key))) {
if (MP_BITS_OVER_MAX(ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE)) {
return WC_KEY_SIZE_E;
}
@@ -9103,7 +9095,7 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
mp_int* u1 = NULL; /* Will be e. */
mp_int* u2 = NULL; /* Will be w. */
if (ECC_DECL_MP_OVER_MAX(ECC_KEY_MAX_BITS_NONULLCHECK(key))) {
if (MP_BITS_OVER_MAX(ECC_KEY_MAX_BITS_NONULLCHECK(key), MAX_ECC_BITS_USE)) {
return WC_KEY_SIZE_E;
}
+4 -12
View File
@@ -44,14 +44,6 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/logging.h>
#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
#define RSA_DECL_MP_OVER_MAX(bits) \
(MP_BITS_CNT(bits) > MP_BITS_CNT(RSA_MAX_SIZE))
#else
#define RSA_DECL_MP_OVER_MAX(bits) \
((bits) > RSA_MAX_SIZE)
#endif
#ifdef WOLFSSL_AFALG_XILINX_RSA
#include <wolfssl/wolfcrypt/port/af_alg/wc_afalg.h>
#endif
@@ -847,7 +839,7 @@ int wc_CheckRsaKey(RsaKey* key)
}
#endif
if (RSA_DECL_MP_OVER_MAX(mp_bitsused(&key->n))) {
if (MP_BITS_OVER_MAX(mp_bitsused(&key->n), RSA_MAX_SIZE)) {
return WC_KEY_SIZE_E;
}
@@ -2887,7 +2879,7 @@ static int RsaFunctionPrivate(mp_int* tmp, RsaKey* key, WC_RNG* rng)
DECL_MP_INT_SIZE_DYN(rndi, mp_bitsused(&key->n), RSA_MAX_SIZE);
#endif /* WC_RSA_BLINDING && !WC_NO_RNG */
if (RSA_DECL_MP_OVER_MAX(mp_bitsused(&key->n))) {
if (MP_BITS_OVER_MAX(mp_bitsused(&key->n), RSA_MAX_SIZE)) {
return WC_KEY_SIZE_E;
}
@@ -3070,7 +3062,7 @@ static int RsaFunctionSync(const byte* in, word32 inLen, byte* out,
DECL_MP_INT_SIZE_DYN(tmp, mp_bitsused(&key->n), RSA_MAX_SIZE);
int ret = 0;
if (RSA_DECL_MP_OVER_MAX(mp_bitsused(&key->n))) {
if (MP_BITS_OVER_MAX(mp_bitsused(&key->n), RSA_MAX_SIZE)) {
return WC_KEY_SIZE_E;
}
@@ -3504,7 +3496,7 @@ int RsaFunctionCheckIn(const byte* in, word32 inLen, RsaKey* key,
DECL_MP_INT_SIZE_DYN(c, mp_bitsused(&key->n), RSA_MAX_SIZE);
if (RSA_DECL_MP_OVER_MAX(mp_bitsused(&key->n))) {
if (MP_BITS_OVER_MAX(mp_bitsused(&key->n), RSA_MAX_SIZE)) {
return WC_KEY_SIZE_E;
}
+4
View File
@@ -213,6 +213,10 @@ typedef int mp_err;
/* Type to cast to when using size marcos. */
#define MP_INT_SIZE mp_int
/* integer.h allocates full-sized mp_int buffers, so DECL_MP_INT_SIZE_DYN
* cannot be undersized for any 'bits' value -- no check is needed. */
#define MP_BITS_OVER_MAX(bits, max) 0
#ifdef HAVE_WOLF_BIGINT
/* raw big integer */
typedef struct WC_BIGINT {
+11
View File
@@ -838,6 +838,17 @@ typedef struct sp_dh_ctx {
#define MP_BITS_CNT(bits) \
((unsigned int)(((((bits) + SP_WORD_SIZE - 1) / SP_WORD_SIZE) * 2 + 1)))
/* True when 'bits' would require more digit storage than 'max'.
*
* Pairs with DECL_MP_INT_SIZE_DYN(name, bits, max) to guard against the
* static buffer (sized for 'max' digits) being undersized for 'bits' when
* the caller's 'bits' value can carry digit/byte alignment slack
* (e.g. mp_bitsused() returns used*SP_WORD_SIZE; dp->size*8 rounds up to a
* full byte). Compare digit-rounded counts so curves like P-521 (521 bits,
* 17 32-bit digits) are not falsely rejected when max == 521. */
#define MP_BITS_OVER_MAX(bits, max) \
(MP_BITS_CNT(bits) > MP_BITS_CNT(max))
#if !defined(WOLFSSL_SP_NO_DYN_STACK) && defined(__STDC_VERSION__) && \
(__STDC_VERSION__ >= 199901L) && \
(defined(WOLFSSL_SP_NO_MALLOC) || \
+4
View File
@@ -371,6 +371,10 @@ while (0)
/* Type to cast to when using size macros. */
#define MP_INT_SIZE mp_int
/* tfm.h allocates full-sized mp_int buffers, so DECL_MP_INT_SIZE_DYN cannot
* be undersized for any 'bits' value -- no check is needed. */
#define MP_BITS_OVER_MAX(bits, max) 0
#ifdef HAVE_WOLF_BIGINT
/* raw big integer */