From ff5317e99bc8e3f1e7e9727c1208d46e595e67ac Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Sun, 25 Oct 2015 12:29:13 +0100
Subject: [PATCH] Improved on the fix of #309 and extended the test to cover subroutines.
---
 library/bignum.c | 15 +++++++++++----
 tests/suites/test_suite_mpi.function | 15 ++++++++++++---
 2 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/library/bignum.c b/library/bignum.c
index 73ea45360..8223b4cb6 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -893,12 +893,19 @@ int mpi_add_abs( mpi *X, const mpi *A, const mpi *B )
 if( X == B )
 {
- const mpi *T;
+ if( B == A )
+ {
+ // Making a temporary copy instead of shifting by one to deny
+ // the possibility of corresponding side-channel attacks.
+ mpi TB;
- if( B == A)
- return mpi_shift_l( X, 1 );
+ mpi_init( &TB );
+ MBEDTLS_MPI_CHK( mpi_copy( &TB, B ) );
- T = A; A = X; B = T;
+ return mpi_add_abs( X, A, &TB );
+ }
+
+ B = A; A = X;
 }
 if( X != A )
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index e97202031..c0fdf8e8d 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
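Review bot: In library/bignum.c, the temporary `TB` in the new `B == A` branch of mpi_add_abs is never released. `return mpi_add_abs( X, A, &TB );` leaves without `mpi_free( &TB )`, and a failing `MBEDTLS_MPI_CHK( mpi_copy( &TB, B ) )` goes to the function's cleanup label, which lies outside the hunk and presumably does not know about `TB`. Each in-place doubling therefore leaves a heap copy of the operand behind, and because the branch exists for side-channel reasons that operand may be secret, so the copy should be freed (and wiped, if mpi_free clears the limbs, which is worth confirming) on both paths. The version below assumes the `ret` variable that the CHK macro already relies on. Separately, the rest of the patch uses unprefixed `mpi_*` names, so confirm that `MBEDTLS_MPI_CHK` is defined on this branch.

```c
// … unchanged: side-channel comment and `mpi TB;` declaration …
            mpi_init( &TB );
            ret = mpi_copy( &TB, B );
            if( ret == 0 )
                ret = mpi_add_abs( X, A, &TB );
            mpi_free( &TB );   // release the temporary on success and on failure

            return( ret );
```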
@@ -443,15 +443,24 @@ exit:
 void mpi_add_mpi_inplace( int radix_X, char *input_X, int radix_A, char *input_A )
 {
 mpi X, A;
- mpi_init( &X ); mbedtls_mpi_init( &A );
+ mpi_init( &X ); mpi_init( &A );
+
+ TEST_ASSERT( mpi_read_string( &A, radix_A, input_A ) == 0 );
+
+ TEST_ASSERT( mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mpi_sub_abs( &X, &X, &X ) == 0 );
+ TEST_ASSERT( mpi_cmp_int( &X, 0 ) == 0 );
+
+ TEST_ASSERT( mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mpi_add_abs( &X, &X, &X ) == 0 );
+ TEST_ASSERT( mpi_cmp_mpi( &X, &A ) == 0 );
 TEST_ASSERT( mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mpi_read_string( &A, radix_A, input_A ) == 0 );
 TEST_ASSERT( mpi_add_mpi( &X, &X, &X ) == 0 );
 TEST_ASSERT( mpi_cmp_mpi( &X, &A ) == 0 );
 exit:
- mpi_free( &X ); mbedtls_mpi_free( &A );
+ mpi_free( &X ); mpi_free( &A );
 }
 /* END_CASE */
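Review bot: The new `mpi_add_abs( &X, &X, &X )` result is checked with `mpi_cmp_mpi( &X, &A )` against the same expectation `A` as the signed `mpi_add_mpi( &X, &X, &X )` call, which only holds if `input_X` is non-negative. The _abs routine works on magnitudes, though its sign handling is not visible in this patch, and neither is the test data. Either state the constraint in a comment above the block, e.g. `/* input_X must be non-negative: the _abs results are compared with the signed expectation A */`, or compare magnitudes with `mpi_cmp_abs( &X, &A )` for that step. A one-line comment per stage (sub_abs, add_abs, add_mpi) would also help, since the case is still named mpi_add_mpi_inplace but now covers three routines.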