From 42f72b3ea5b7210b2dbde99a3b3f7f7a8155a1dd Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Aug 2024 08:25:33 +0100 Subject: [PATCH] Introduce MBEDTLS_MPI_IS_TEST A + B + 1 is not a good way to get a number that's neither A nor B. This can be a problem for example if values later are changed to A = 0 and B = -1. Signed-off-by: Janos Follath --- library/bignum_core.c | 3 +-- library/bignum_core.h | 7 +++++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 4231554b84..76b1da72ee 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -747,8 +747,7 @@ static void exp_mod_precompute_window(const mbedtls_mpi_uint *A, } #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) -// Set to a default that is neither MBEDTLS_MPI_IS_PUBLIC nor MBEDTLS_MPI_IS_SECRET -int mbedtls_mpi_optionally_safe_codepath = MBEDTLS_MPI_IS_PUBLIC + MBEDTLS_MPI_IS_SECRET + 1; +int mbedtls_mpi_optionally_safe_codepath = MBEDTLS_MPI_IS_TEST; #endif /* diff --git a/library/bignum_core.h b/library/bignum_core.h index cf6485a148..e64128f160 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -110,6 +110,10 @@ * other than the two below is passed, default to the safe path.) */ #define MBEDTLS_MPI_IS_PUBLIC 0x2a2a2a2a #define MBEDTLS_MPI_IS_SECRET 0 +#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) +// Default value for testing that is neither MBEDTLS_MPI_IS_PUBLIC nor MBEDTLS_MPI_IS_SECRET +#define MBEDTLS_MPI_IS_TEST 1 +#endif /** Count leading zero bits in a given integer. * @@ -825,8 +829,7 @@ extern int mbedtls_mpi_optionally_safe_codepath; static inline void mbedtls_mpi_optionally_safe_codepath_reset(void) { - // Set to a default that is neither MBEDTLS_MPI_IS_PUBLIC nor MBEDTLS_MPI_IS_SECRET - mbedtls_mpi_optionally_safe_codepath = MBEDTLS_MPI_IS_PUBLIC + MBEDTLS_MPI_IS_SECRET + 1; + mbedtls_mpi_optionally_safe_codepath = MBEDTLS_MPI_IS_TEST; } #endif