From a7f0d7b029382b77ae3ff19ecd0ca1b305b11021 Mon Sep 17 00:00:00 2001
From: Tom Cosgrove
Date: Wed, 7 Dec 2022 13:29:07 +0000
Subject: [PATCH] mbedtls_mpi_core_exp_mod() ouuput may alias input A

Signed-off-by: Tom Cosgrove
---
 library/bignum_core.h                        | 3 +++
 tests/suites/test_suite_bignum_core.function | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/library/bignum_core.h b/library/bignum_core.h
index add7fee32..b7af4d0aa 100644
--- a/library/bignum_core.h
+++ b/library/bignum_core.h
@@ -517,6 +517,9 @@ size_t mbedtls_mpi_core_exp_mod_working_limbs( size_t AN_limbs, size_t E_limbs )
  * \brief Perform a modular exponentiation with secret exponent:
  * X = A^E mod N, where \p A is already in Montgomery form.
  *
+ * \p X may be aliased to \p A, but not to \p RR or \p E, even if \p E_limbs ==
+ * \p AN_limbs.
+ *
  * \param[out] X The destination MPI, as a little endian array of length
  * \p AN_limbs.
  * \param[in] A The base MPI, as a little endian array of length \p AN_limbs.
diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function
index b64127afc..7bf03fb49 100644
--- a/tests/suites/test_suite_bignum_core.function
+++ b/tests/suites/test_suite_bignum_core.function
@@ -1097,6 +1097,12 @@ void mpi_core_exp_mod( char * input_N, char * input_A,
     TEST_EQUAL( 0, memcmp( X, Y, N_limbs * sizeof( mbedtls_mpi_uint ) ) );
 
+    /* Check when output aliased to input */
+
+    mbedtls_mpi_core_exp_mod( A, A, N, N_limbs, E, E_limbs, R2, T );
+
+    TEST_EQUAL( 0, memcmp( X, A, N_limbs * sizeof( mbedtls_mpi_uint ) ) );
+
 exit:
     mbedtls_free( T );
     mbedtls_free( A );
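Review bot: The new aliasing sentence in the bignum_core.h hunk names A, RR and E but says nothing about \p N or the working buffer \p T, so a caller cannot tell from the contract whether passing one AN_limbs-long buffer as both X and N is permitted; an aliasing rule on a constant-time primitive should enumerate every operand the function still reads after it begins writing X. If the Montgomery reduction keeps reading N while the result is accumulated into X (presumably the case, but the implementation in bignum_core.c is not in this patch), the complete wording would be `\p X may be aliased to \p A, but not to \p N, \p E, \p RR or \p T, even if \p E_limbs == \p AN_limbs.` — to be confirmed against the implementation before committing to it. The test added in the second hunk exercises only the X == A case, so the "not RR or E" part of the contract is documentation-only and worth stating as such. The enclosing doc comment and its \param list continue past the hunk.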