Use only one limb parameter for assign

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2025-08-01 10:06:53 +03:00 · 2022-09-26 17:26:42 +02:00
parent 81e57021c6
commit 3eff425b1a
5 changed files with 14 additions and 17 deletions
--- a/library/constant_time.c
+++ b/library/constant_time.c
@ -682,11 +682,17 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X,
    MPI_VALIDATE_RET( X != NULL );
    MPI_VALIDATE_RET( Y != NULL );

+    /* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */
+    mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask( assign );
+
    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );

    X->s = mbedtls_ct_cond_select_sign( assign, Y->s, X->s );

-    mbedtls_mpi_core_cond_assign( X->p, X->n, Y->p, Y->n, assign );
+    mbedtls_mpi_core_cond_assign( X->p, Y->p, Y->n, assign );
+
+    for( size_t i = Y->n; i < X->n; i++ )
+        X->p[i] &= ~limb_mask;

 cleanup:
    return( ret );