From 903fd97dbe7909b57526b7efc1f2701ff962c8cc Mon Sep 17 00:00:00 2001
From: Kareem
Date: Wed, 27 May 2026 16:24:47 -0700
Subject: [PATCH] Fix issues with newly added check when using fast/integer math. Simplify logic by using single macro for ECC & RSA.
---
 wolfcrypt/src/ecc.c | 32 ++++++++++++--------------------
 wolfcrypt/src/rsa.c | 16 ++++------------
 wolfssl/wolfcrypt/integer.h | 4 ++++
 wolfssl/wolfcrypt/sp_int.h | 11 +++++++++++
 wolfssl/wolfcrypt/tfm.h | 4 ++++
 5 files changed, 35 insertions(+), 32 deletions(-)
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 0668c3d956..293802af31 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -327,14 +327,6 @@ ECC Curve Sizes:
 #define MAX_ECC_BITS_USE MAX_ECC_BITS_NEEDED
 #endif
-#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
-#define ECC_DECL_MP_OVER_MAX(bits) \
- (MP_BITS_CNT(bits) > MP_BITS_CNT(MAX_ECC_BITS_USE))
-#else
-#define ECC_DECL_MP_OVER_MAX(bits) \
- ((bits) > MAX_ECC_BITS_USE)
-#endif
-
 #if !defined(WOLFSSL_CUSTOM_CURVES) && (ECC_MIN_KEY_SZ > 160) && \
 (!defined(HAVE_ECC_KOBLITZ) || (ECC_MIN_KEY_SZ > 224))
@@ -2020,7 +2012,7 @@ static int _ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R,
 mp_int *x, *y, *z;
 int err;
- if (ECC_DECL_MP_OVER_MAX(mp_bitsused(modulus))) {
+ if (MP_BITS_OVER_MAX(mp_bitsused(modulus), MAX_ECC_BITS_USE)) {
 return WC_KEY_SIZE_E;
 }
@@ -2424,7 +2416,7 @@ static int _ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* a,
 mp_int *x, *y, *z;
 int err;
- if (ECC_DECL_MP_OVER_MAX(mp_bitsused(modulus))) {
+ if (MP_BITS_OVER_MAX(mp_bitsused(modulus), MAX_ECC_BITS_USE)) {
 return WC_KEY_SIZE_E;
 }
@@ -2778,7 +2770,7 @@ int ecc_map_ex(ecc_point* P, mp_int* modulus, mp_digit mp, int ct)
 #endif
 mp_int *x, *y, *z;
- if (ECC_DECL_MP_OVER_MAX(mp_bitsused(modulus))) {
+ if (MP_BITS_OVER_MAX(mp_bitsused(modulus), MAX_ECC_BITS_USE)) {
 return WC_KEY_SIZE_E;
 }
@@ -3603,7 +3595,7 @@ static int ecc_point_to_mont(ecc_point* p, ecc_point* r, mp_int* modulus,
 DECL_MP_INT_SIZE_DYN(mu, mp_bitsused(modulus), MAX_ECC_BITS_USE);
- if (ECC_DECL_MP_OVER_MAX(mp_bitsused(modulus))) {
+ if (MP_BITS_OVER_MAX(mp_bitsused(modulus), MAX_ECC_BITS_USE)) {
 return WC_KEY_SIZE_E;
 }
@@ -3911,8 +3903,8 @@ static int ecc_check_order_minus_1(const mp_int* k, ecc_point* tG, ecc_point* R,
 int err;
 DECL_MP_INT_SIZE_DYN(t, mp_bitsused(order), MAX_ECC_BITS_USE);
- if (ECC_DECL_MP_OVER_MAX(mp_bitsused(order)) ||
- ECC_DECL_MP_OVER_MAX(mp_bitsused(modulus))) {
+ if (MP_BITS_OVER_MAX(mp_bitsused(order), MAX_ECC_BITS_USE) ||
+ MP_BITS_OVER_MAX(mp_bitsused(modulus), MAX_ECC_BITS_USE)) {
 return WC_KEY_SIZE_E;
 }
@@ -6866,7 +6858,7 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
 word32 keySz;
 #endif
- if (ECC_DECL_MP_OVER_MAX(ECC_KEY_MAX_BITS(key))) {
+ if (MP_BITS_OVER_MAX(ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE)) {
 return WC_KEY_SIZE_E;
 }
@@ -7071,7 +7063,7 @@ static int ecc_sign_hash_sw(ecc_key* key, ecc_key* pubkey, WC_RNG* rng,
 DECL_MP_INT_SIZE_DYN(b, ECC_KEY_MAX_BITS_NONULLCHECK(key), MAX_ECC_BITS_USE);
- if (ECC_DECL_MP_OVER_MAX(ECC_KEY_MAX_BITS_NONULLCHECK(key))) {
+ if (MP_BITS_OVER_MAX(ECC_KEY_MAX_BITS_NONULLCHECK(key), MAX_ECC_BITS_USE)) {
 return WC_KEY_SIZE_E;
 }
@@ -7402,7 +7394,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
 #else
 DECLARE_CURVE_SPECS(1);
 #endif
- if (ECC_DECL_MP_OVER_MAX(ECC_KEY_MAX_BITS(key))) {
+ if (MP_BITS_OVER_MAX(ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE)) {
 return WC_KEY_SIZE_E;
 }
 #endif /* !WOLFSSL_SP_MATH */
@@ -8325,7 +8317,7 @@ static int ecc_mont_norm_points(ecc_point* A, ecc_point* Am, ecc_point* B,
 DECL_MP_INT_SIZE_DYN(mu, mp_bitsused(modulus), MAX_ECC_BITS_USE);
- if (ECC_DECL_MP_OVER_MAX(mp_bitsused(modulus))) {
+ if (MP_BITS_OVER_MAX(mp_bitsused(modulus), MAX_ECC_BITS_USE)) {
 return WC_KEY_SIZE_E;
 }
@@ -8715,7 +8707,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
 word32 keySz;
 #endif
- if (ECC_DECL_MP_OVER_MAX(ECC_KEY_MAX_BITS(key))) {
+ if (MP_BITS_OVER_MAX(ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE)) {
 return WC_KEY_SIZE_E;
 }
@@ -9103,7 +9095,7 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
 mp_int* u1 = NULL; /* Will be e. */
 mp_int* u2 = NULL; /* Will be w. */
- if (ECC_DECL_MP_OVER_MAX(ECC_KEY_MAX_BITS_NONULLCHECK(key))) {
+ if (MP_BITS_OVER_MAX(ECC_KEY_MAX_BITS_NONULLCHECK(key), MAX_ECC_BITS_USE)) {
 return WC_KEY_SIZE_E;
 }
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index 54880d5ac2..b8ee0b6a83 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -44,14 +44,6 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
 #include
 #include
-#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
-#define RSA_DECL_MP_OVER_MAX(bits) \
- (MP_BITS_CNT(bits) > MP_BITS_CNT(RSA_MAX_SIZE))
-#else
-#define RSA_DECL_MP_OVER_MAX(bits) \
- ((bits) > RSA_MAX_SIZE)
-#endif
-
 #ifdef WOLFSSL_AFALG_XILINX_RSA
 #include
 #endif
@@ -847,7 +839,7 @@ int wc_CheckRsaKey(RsaKey* key)
 }
 #endif
- if (RSA_DECL_MP_OVER_MAX(mp_bitsused(&key->n))) {
+ if (MP_BITS_OVER_MAX(mp_bitsused(&key->n), RSA_MAX_SIZE)) {
 return WC_KEY_SIZE_E;
 }
@@ -2887,7 +2879,7 @@ static int RsaFunctionPrivate(mp_int* tmp, RsaKey* key, WC_RNG* rng)
 DECL_MP_INT_SIZE_DYN(rndi, mp_bitsused(&key->n), RSA_MAX_SIZE);
 #endif /* WC_RSA_BLINDING && !WC_NO_RNG */
- if (RSA_DECL_MP_OVER_MAX(mp_bitsused(&key->n))) {
+ if (MP_BITS_OVER_MAX(mp_bitsused(&key->n), RSA_MAX_SIZE)) {
 return WC_KEY_SIZE_E;
 }
@@ -3070,7 +3062,7 @@ static int RsaFunctionSync(const byte* in, word32 inLen, byte* out,
 DECL_MP_INT_SIZE_DYN(tmp, mp_bitsused(&key->n), RSA_MAX_SIZE);
 int ret = 0;
- if (RSA_DECL_MP_OVER_MAX(mp_bitsused(&key->n))) {
+ if (MP_BITS_OVER_MAX(mp_bitsused(&key->n), RSA_MAX_SIZE)) {
 return WC_KEY_SIZE_E;
 }
@@ -3504,7 +3496,7 @@ int RsaFunctionCheckIn(const byte* in, word32 inLen, RsaKey* key,
 DECL_MP_INT_SIZE_DYN(c, mp_bitsused(&key->n), RSA_MAX_SIZE);
- if (RSA_DECL_MP_OVER_MAX(mp_bitsused(&key->n))) {
+ if (MP_BITS_OVER_MAX(mp_bitsused(&key->n), RSA_MAX_SIZE)) {
 return WC_KEY_SIZE_E;
 }
diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h
index 7e4792a6d5..3773c290bb 100644
--- a/wolfssl/wolfcrypt/integer.h
+++ b/wolfssl/wolfcrypt/integer.h
@@ -213,6 +213,10 @@ typedef int mp_err;
 /* Type to cast to when using size marcos. */
 #define MP_INT_SIZE mp_int
+/* integer.h allocates full-sized mp_int buffers, so DECL_MP_INT_SIZE_DYN
+ * cannot be undersized for any 'bits' value -- no check is needed. */
+#define MP_BITS_OVER_MAX(bits, max) 0
+
 #ifdef HAVE_WOLF_BIGINT
 /* raw big integer */
 typedef struct WC_BIGINT {
diff --git a/wolfssl/wolfcrypt/sp_int.h b/wolfssl/wolfcrypt/sp_int.h
index 74b4017737..31936d4075 100644
--- a/wolfssl/wolfcrypt/sp_int.h
+++ b/wolfssl/wolfcrypt/sp_int.h
@@ -838,6 +838,17 @@ typedef struct sp_dh_ctx {
 #define MP_BITS_CNT(bits) \
 ((unsigned int)(((((bits) + SP_WORD_SIZE - 1) / SP_WORD_SIZE) * 2 + 1)))
+/* True when 'bits' would require more digit storage than 'max'.
+ *
+ * Pairs with DECL_MP_INT_SIZE_DYN(name, bits, max) to guard against the
+ * static buffer (sized for 'max' digits) being undersized for 'bits' when
+ * the caller's 'bits' value can carry digit/byte alignment slack
+ * (e.g. mp_bitsused() returns used*SP_WORD_SIZE; dp->size*8 rounds up to a
+ * full byte). Compare digit-rounded counts so curves like P-521 (521 bits,
+ * 17 32-bit digits) are not falsely rejected when max == 521. */
+#define MP_BITS_OVER_MAX(bits, max) \
+ (MP_BITS_CNT(bits) > MP_BITS_CNT(max))
+
 #if !defined(WOLFSSL_SP_NO_DYN_STACK) && defined(__STDC_VERSION__) && \
 (__STDC_VERSION__ >= 199901L) && \
 (defined(WOLFSSL_SP_NO_MALLOC) || \
diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h
index 3868ca6402..0a89b049e3 100644
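Review bot: Defining `MP_BITS_OVER_MAX(bits, max)` as a bare `0` in integer.h (and identically in the tfm.h hunk) turns every guard touched in ecc.c and rsa.c into `if (0)` for these math backends, whereas the removed `ECC_DECL_MP_OVER_MAX` and `RSA_DECL_MP_OVER_MAX` fallbacks still compared `(bits) > MAX_ECC_BITS_USE` and `(bits) > RSA_MAX_SIZE`. That drops an upper bound on key size rather than only a buffer check; most visibly, the guard in `wc_CheckRsaKey` can no longer return `WC_KEY_SIZE_E` for an oversized `n` in these builds. It is worth confirming that another check still enforces the maximum, and saying so in the comment, for example `/* Buffer-size guard only; the key-size limit is enforced by <name of check>. */`. Independently, the expansion should be parenthesized and keep its arguments referenced so they stay type-checked: `#define MP_BITS_OVER_MAX(bits, max) ((void)(bits), (void)(max), 0)`.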
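Review bot: The new comment in sp_int.h explains the guard only for the static buffer sized from `max`, yet the context right after the macro opens the `WOLFSSL_SP_NO_DYN_STACK` conditional, and at the call sites in ecc.c and rsa.c (`ecc_point_to_mont`, `ecc_check_order_minus_1`, `ecc_sign_hash_sw`, `ecc_mont_norm_points`, `RsaFunctionPrivate`, `RsaFunctionSync`, `RsaFunctionCheckIn`) the `DECL_MP_INT_SIZE_DYN` declaration comes before the `MP_BITS_OVER_MAX` test. If the dynamic-stack variant sizes its array from `bits`, which this hunk does not show, the check cannot bound that declaration, so the comment should state what it does protect, for example `/* Must run before the value is allocated or initialized; it does not bound a declaration sized from 'bits'. */`. It would also help to state that the comparison is digit-granular, so a `bits` value above `max` but within the same digit count is accepted by design and the macro is not an exact key-size limit.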
--- a/wolfssl/wolfcrypt/tfm.h
+++ b/wolfssl/wolfcrypt/tfm.h
@@ -371,6 +371,10 @@ while (0)
 /* Type to cast to when using size macros. */
 #define MP_INT_SIZE mp_int
+/* tfm.h allocates full-sized mp_int buffers, so DECL_MP_INT_SIZE_DYN cannot
+ * be undersized for any 'bits' value -- no check is needed. */
+#define MP_BITS_OVER_MAX(bits, max) 0
+
 #ifdef HAVE_WOLF_BIGINT
 /* raw big integer */