Merge pull request #6599 from SparkiDev/heapmath_mp_exptmod_fix

JacobBarthelmeh · web-flow · commit 8c012b5df5d5 · 2023-07-12T16:57:51.000-06:00
Heap Math exptmod: fixes for valid modulus checks
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
@@ -955,7 +955,7 @@ int wolfcrypt_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
   }
 
 #ifdef BN_MP_EXPTMOD_BASE_2
-  if (G->used == 1 && G->dp[0] == 2) {
+  if (G->used == 1 && G->dp[0] == 2 && mp_isodd(P) == MP_YES) {
     return mp_exptmod_base_2(X, P, Y);
   }
 #endif
@@ -985,7 +985,7 @@ int wolfcrypt_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
   }
 #endif
 
-  /* if the modulus is odd or dr != 0 use the montgomery method */
+  /* if the modulus is odd use the montgomery method, or use other known */
 #ifdef BN_MP_EXPTMOD_FAST_C
   if (mp_isodd (P) == MP_YES || dr !=  0) {
     return mp_exptmod_fast (G, X, P, Y, dr);
@@ -1985,7 +1985,6 @@ int mp_dr_is_modulus(mp_int *a)
    return 1;
 }
 
-
 /* computes Y == G**X mod P, HAC pp.616, Algorithm 14.85
  *
  * Uses a left-to-right k-ary sliding window to compute the modular
@@ -2113,7 +2112,10 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
      if ((err = mp_reduce_2k_setup(P, &mp)) != MP_OKAY) {
         goto LBL_M;
      }
-     redux = mp_reduce_2k;
+     /* mp of zero is not usable */
+     if (mp != 0) {
+         redux = mp_reduce_2k;
+     }
 #endif
   }
 

Original file line number	Diff line number	Diff line change
`@@ -955,7 +955,7 @@ int wolfcrypt_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)`
`955`	`955`	`}`
`956`	`956`
`957`	`957`	`#ifdef BN_MP_EXPTMOD_BASE_2`
`958`		`- if (G->used == 1 && G->dp[0] == 2) {`
	`958`	`+ if (G->used == 1 && G->dp[0] == 2 && mp_isodd(P) == MP_YES) {`
`959`	`959`	`return mp_exptmod_base_2(X, P, Y);`
`960`	`960`	`}`
`961`	`961`	`#endif`
`@@ -985,7 +985,7 @@ int wolfcrypt_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)`
`985`	`985`	`}`
`986`	`986`	`#endif`
`987`	`987`
`988`		`- /* if the modulus is odd or dr != 0 use the montgomery method */`
	`988`	`+ /* if the modulus is odd use the montgomery method, or use other known */`
`989`	`989`	`#ifdef BN_MP_EXPTMOD_FAST_C`
`990`	`990`	`if (mp_isodd (P) == MP_YES \|\| dr != 0) {`
`991`	`991`	`return mp_exptmod_fast (G, X, P, Y, dr);`
`@@ -1985,7 +1985,6 @@ int mp_dr_is_modulus(mp_int *a)`
`1985`	`1985`	`return 1;`
`1986`	`1986`	`}`
`1987`	`1987`
`1988`		`-`
`1989`	`1988`	`/* computes Y == G**X mod P, HAC pp.616, Algorithm 14.85`
`1990`	`1989`	`*`
`1991`	`1990`	`* Uses a left-to-right k-ary sliding window to compute the modular`
`@@ -2113,7 +2112,10 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,`
`2113`	`2112`	`if ((err = mp_reduce_2k_setup(P, &mp)) != MP_OKAY) {`
`2114`	`2113`	`goto LBL_M;`
`2115`	`2114`	`}`
`2116`		`- redux = mp_reduce_2k;`
	`2115`	`+ /* mp of zero is not usable */`
	`2116`	`+ if (mp != 0) {`
	`2117`	`+ redux = mp_reduce_2k;`
	`2118`	`+ }`
`2117`	`2119`	`#endif`
`2118`	`2120`	`}`
`2119`	`2121`