mbedtls_mpi_gcd: fix the case B==0

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-06-09 13:26:43 +02:00
parent 37e7736d8e
commit b5e56ec5fd
2 changed files with 14 additions and 0 deletions

View file

@ -0,0 +1,4 @@
Bugfix
* Fix mbedtls_mpi_gcd(G,A,B) when the value of B is zero. This had no
effect on Mbed TLS's internal use of mbedtls_mpi_gcd(), but may affect
applications that call mbedtls_mpi_gcd() directly. Fixes #4642.

View file

@ -2391,6 +2391,16 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B
lz = mbedtls_mpi_lsb( &TA );
lzt = mbedtls_mpi_lsb( &TB );
/* The loop below gives the correct result when A==0 but not when B==0.
* So have a special case for B==0. Leverage the fact that we just
* calculated the lsb and lsb(B)==0 iff B is odd or 0 to make the test
* slightly more efficient than cmp_int(). */
if( lzt == 0 && mbedtls_mpi_get_bit( &TB, 0 ) == 0 )
{
ret = mbedtls_mpi_copy( G, A );
goto cleanup;
}
if( lzt < lz )
lz = lzt;