From b62bad442e6afc863829d130f3cb5e5b5bacdf61 Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Thu, 24 Nov 2022 16:48:41 +0000
Subject: [PATCH] Bidnum Mod: fix check in setup

We want to make sure that the value has at least as many limbs allocated as the modulus as we need this to be able to do any operations in constant time. An invariant of the API is that the residue values are canonical, make sure that the residue is compared to the entire modulus.

Signed-off-by: Janos Follath
---
 library/bignum_mod.c | 2 +-
 tests/suites/test_suite_bignum_mod.data | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/library/bignum_mod.c b/library/bignum_mod.c
index c10fb2ed3..1b3aff6a3 100644
--- a/library/bignum_mod.c
+++ b/library/bignum_mod.c
@@ -39,7 +39,7 @@ int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r,
 mbedtls_mpi_uint *p,
 size_t p_limbs )
 {
- if( p_limbs > m->limbs || !mbedtls_mpi_core_lt_ct( p, m->p, p_limbs ) )
+ if( p_limbs < m->limbs || !mbedtls_mpi_core_lt_ct( p, m->p, m->limbs ) )
 return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );

 r->limbs = m->limbs;
diff --git a/tests/suites/test_suite_bignum_mod.data b/tests/suites/test_suite_bignum_mod.data
index e0aa5407f..02bc9f793 100644
--- a/tests/suites/test_suite_bignum_mod.data
+++ b/tests/suites/test_suite_bignum_mod.data
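Review bot: The relaxed check on the added line in `mbedtls_mpi_mod_residue_setup` accepts `p_limbs > m->limbs` but never examines the limbs of `p` above `m->limbs`: the constant-time comparison covers only the low `m->limbs` limbs, and `r->limbs` is then set to `m->limbs`. As far as this hunk shows, a buffer with a non-zero high limb would pass as a canonical residue and be silently reduced to its low limbs. If longer buffers are not a supported use, require an exact match, `if( p_limbs != m->limbs || !mbedtls_mpi_core_lt_ct( p, m->p, m->limbs ) )`; otherwise the function's documentation should state that limbs beyond `m->limbs` are ignored. The test-data hunk has no case with a non-zero limb above `m->limbs` (#6 only pads with zeros), so the behaviour is not pinned either way. The `m` parameter line of the signature and the rest of the body lie outside the hunk.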
@@ -57,16 +57,16 @@ Test mbedtls_mpi_residue_setup #2 r == m - 1
 mpi_residue_setup:"ff":"fe":0

 Test mbedtls_mpi_residue_setup #3 m->limbs > r-> limbs && m > r
-mpi_residue_setup:"000000000000000000000000000000007dfe5c6beb35a2d6":"fe":0
+mpi_residue_setup:"000000000000000000000000000000007dfe5c6beb35a2d6":"fe":MBEDTLS_ERR_MPI_BAD_INPUT_DATA

-Test mbedtls_mpi_residue_setup #4 m->limbs > r-> limbs && m > r
-mpi_residue_setup:"7ffffffffffffffffffffffffffffffffffffffffffffff1":"fe":0
+Test mbedtls_mpi_residue_setup #4 m->limbs = r-> limbs && m > r
+mpi_residue_setup:"7ffffffffffffffffffffffffffffffffffffffffffffff1":"0000000000000000000000000000000000000000000000fe":0

-Test mbedtls_mpi_residue_setup #5 m->limbs > r-> limbs && m > r
-mpi_residue_setup:"7ffffffffffffffffffff000000000000000000000000000":"fe":-4
+Test mbedtls_mpi_residue_setup #5 m->limbs < r-> limbs && m > r
+mpi_residue_setup:"7ffffffff0000000":"000000000000000fe":0

 Test mbedtls_mpi_residue_setup #6 m->limbs < r-> limbs && m > r
-mpi_residue_setup:"ff":"000000000000000000000000000000000000000000000001":-4
+mpi_residue_setup:"ff":"000000000000000000000000000000000000000000000001":0

 Test mbedtls_mpi_residue_setup #7 r == m
 mpi_residue_setup:"fe":"fe":-4
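Review bot: Cases #5 and #6 now carry the identical description `m->limbs < r-> limbs && m > r`, so a failure report cannot tell them apart; #6 could be named for what sets it apart, for example `Test mbedtls_mpi_residue_setup #6 m->limbs < r-> limbs && m > r, one-byte m`. Case #7 still expects the literal `-4` while #3 in this hunk now uses `MBEDTLS_ERR_MPI_BAD_INPUT_DATA`, presumably the same error. Using the symbolic name in both, `mpi_residue_setup:"fe":"fe":MBEDTLS_ERR_MPI_BAD_INPUT_DATA`, would keep the expected results readable and consistent.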