Change mpi_safe_cond_assign() for more const-ness

2025-11-04 04:32:24 -05:00 · 2013-11-25 18:28:53 +01:00 · 2013-11-25 18:28:53 +01:00 · 96c7a92b08
commit 96c7a92b08
parent 3e3d2b818c
3 changed files with 9 additions and 8 deletions
--- a/include/polarssl/bignum.h
+++ b/include/polarssl/bignum.h
@ -249,7 +249,7 @@ void mpi_swap( mpi *X, mpi *Y );
 *                 information through branch prediction and/or memory access
 *                 patterns analysis).
 */
-int mpi_safe_cond_assign( mpi *X, mpi *Y, unsigned char assign );
+int mpi_safe_cond_assign( mpi *X, const mpi *Y, unsigned char assign );

 /**
 * \brief          Set value from integer
--- a/library/bignum.c
+++ b/library/bignum.c
@ -206,8 +206,10 @@ void mpi_swap( mpi *X, mpi *Y )

 /*
 * Conditionally assign X = Y, without leaking information
+ * about whether the assignment was made or not.
+ * (Leaking information about the respective sizes of X and Y is ok however.)
 */
-int mpi_safe_cond_assign( mpi *X, mpi *Y, unsigned char assign )
+int mpi_safe_cond_assign( mpi *X, const mpi *Y, unsigned char assign )
 {
    int ret = 0;
    size_t i;
@ -215,16 +217,15 @@ int mpi_safe_cond_assign( mpi *X, mpi *Y, unsigned char assign )
    if( assign * ( 1 - assign ) != 0 )
        return( POLARSSL_ERR_MPI_BAD_INPUT_DATA );

-    /* Make sure both MPIs have the same size */
-    if( X->n > Y->n )
-        MPI_CHK( mpi_grow( Y, X->n ) );
    if( Y->n > X->n )
        MPI_CHK( mpi_grow( X, Y->n ) );

    /* Do the conditional assign safely */
    X->s = X->s * (1 - assign) + Y->s * assign;
-    for( i = 0; i < X->n; i++ )
+    for( i = 0; i < Y->n; i++ )
        X->p[i] = X->p[i] * (1 - assign) + Y->p[i] * assign;
+    for( ; i < X->n; i++ )
+        X->p[i] *= (1 - assign);

 cleanup:
    return( ret );
--- a/library/ecp.c
+++ b/library/ecp.c
@ -1392,7 +1392,7 @@ cleanup:
 * Select precomputed point: R = sign(i) * T[ abs(i) / 2 ]
 */
 static int ecp_select_comb( const ecp_group *grp, ecp_point *R,
-                            ecp_point T[], unsigned char t_len,
+                            const ecp_point T[], unsigned char t_len,
                            unsigned char i )
 {
    int ret;
@ -1425,7 +1425,7 @@ cleanup:
 * Cost: d A + d D + 1 R
 */
 static int ecp_mul_comb_core( const ecp_group *grp, ecp_point *R,
-                              ecp_point T[], unsigned char t_len,
+                              const ecp_point T[], unsigned char t_len,
                              const unsigned char x[], size_t d,
                              int (*f_rng)(void *, unsigned char *, size_t),
                              void *p_rng )