diff --git a/library/bignum.c b/library/bignum.c
index d3a1b00d52..2421c1a3ec 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1136,7 +1136,8 @@ int mbedtls_mpi_mul_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
     MPI_VALIDATE_RET(A != NULL);
     MPI_VALIDATE_RET(B != NULL);
-    mbedtls_mpi_init(&TA); mbedtls_mpi_init(&TB);
+    mbedtls_mpi_init(&TA);
+    mbedtls_mpi_init(&TB);
     if (X == A) {
         MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TA, A)); A = &TA;
@@ -1166,13 +1167,7 @@ int mbedtls_mpi_mul_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
     MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, i + j));
     MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 0));
-    for (size_t k = 0; k < j; k++) {
-        /* We know that there cannot be any carry-out since we're
-         * iterating from bottom to top. */
-        (void) mbedtls_mpi_core_mla(X->p + k, i + 1,
-                                    A->p, i,
-                                    B->p[k]);
-    }
+    mbedtls_mpi_core_mul(X->p, A->p, i, B->p, j);
     /* If the result is 0, we don't shortcut the operation, which reduces
      * but does not eliminate side channels leaking the zero-ness. We do
diff --git a/library/bignum_core.c b/library/bignum_core.c
index 1ec5340b7d..1ba4142c7e 100644
--- a/library/bignum_core.c
+++ b/library/bignum_core.c
@@ -448,13 +448,15 @@ mbedtls_mpi_uint mbedtls_mpi_core_mla(mbedtls_mpi_uint *d, size_t d_len,
     return c;
 }
-void MPI_CORE(mul)( mbedtls_mpi_uint *X,
-                    const mbedtls_mpi_uint *A, size_t a,
-                    const mbedtls_mpi_uint *B, size_t b )
+void mbedtls_mpi_core_mul(mbedtls_mpi_uint *X,
+                          const mbedtls_mpi_uint *A, size_t A_limbs,
+                          const mbedtls_mpi_uint *B, size_t B_limbs)
 {
-    memset( X, 0, ( a + b ) * ciL );
-    for( size_t i=0; i < b; i++ )
-        (void) mbedtls_mpi_core_mla( X + i, a + 1, A, a, B[i] );
+    memset(X, 0, (A_limbs + B_limbs) * ciL);
+
+    for (size_t i = 0; i < B_limbs; i++) {
+        (void) mbedtls_mpi_core_mla(X + i, A_limbs + 1, A, A_limbs, B[i]);
+    }
 }
 /*
diff --git a/library/bignum_core.h b/library/bignum_core.h
index f66db8fd43..3a111600b8 100644
--- a/library/bignum_core.h
+++ b/library/bignum_core.h
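Review bot: The new call `mbedtls_mpi_core_mul(X->p, A->p, i, B->p, j)` quietly depends on two facts the hunk no longer documents: `mbedtls_mpi_lset(X, 0)` on the line above stays load-bearing because it sets the sign and zeroes any limbs of X beyond i + j (the new core function, per the bignum_core.c hunk, only clears the first A_limbs + B_limbs), and X must not alias A or B because that function memsets X before reading the inputs. The aliasing case is covered by the TA/TB copies shown in the earlier hunk, and i and j are computed outside this hunk, so both invariants are easy to break in a later refactor. I would replace the deleted carry comment with `/* X is >= i + j limbs, zeroed and positive by lset(); core_mul re-clears i + j limbs, so X must not alias A or B (TA/TB copies ensure this). */` above the call. mbedtls_mpi_mul_mpi starts and ends outside the hunk.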
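Review bot: The `(void)` on the mbedtls_mpi_core_mla return inside the new loop of mbedtls_mpi_core_mul discards the carry-out without the justification the deleted bignum.c loop carried, so the invariant now lives nowhere. Each pass writes into a window of A_limbs + 1 limbs starting at X + i, and the windows are filled from the lowest limb of B upwards, which is why no carry can escape; that reasoning belongs above the loop in bignum_core.c. Suggest `/* No carry-out is possible: the window at X + i has A_limbs + 1 limbs and we fill it from the bottom limb of B upwards. */`. The function is fully visible in the hunk, so nothing else is affected.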
@@ -398,24 +398,22 @@ mbedtls_mpi_uint mbedtls_mpi_core_mla(mbedtls_mpi_uint *X, size_t X_limbs,
                                      const mbedtls_mpi_uint *A, size_t A_limbs,
                                      mbedtls_mpi_uint b);
-#define MPI_CORE(func) mbedtls_mpi_core_ ## func ## _minimal
-
 /**
  * \brief Perform a known-size multiplication
  *
- * \param[out] X The pointer to the (little-endian) array
- * representing the product of \p a and \p b.
- * This must be of length \p a + \p b.
- * \param[in] A The pointer to the (little-endian) array
- * representing the first factor.
- * \param a The number of limbs in \p A.
- * \param[in] B The pointer to the (little-endian) array
- * representing the second factor.
- * \param b The number of limbs in \p B.
+ * \param[out] X The pointer to the (little-endian) array to receive
+ * the product of \p A_limbs and \p B_limbs.
+ * This must be of length \p A_limbs + \p B_limbs.
+ * \param[in] A The pointer to the (little-endian) array
+ * representing the first factor.
+ * \param A_limbs The number of limbs in \p A.
+ * \param[in] B The pointer to the (little-endian) array
+ * representing the second factor.
+ * \param B_limbs The number of limbs in \p B.
  */
-void MPI_CORE(mul)( mbedtls_mpi_uint *X,
-                    const mbedtls_mpi_uint *A, size_t a,
-                    const mbedtls_mpi_uint *B, size_t b );
+void mbedtls_mpi_core_mul(mbedtls_mpi_uint *X,
+                          const mbedtls_mpi_uint *A, size_t A_limbs,
+                          const mbedtls_mpi_uint *B, size_t B_limbs);
 /**
  * \brief Calculate initialisation value for fast Montgomery modular
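Review bot: The rewritten `\param[out] X` text says the array receives `the product of \p A_limbs and \p B_limbs`, which would be the product of two limb counts; it should read `the product of \p A and \p B`. While this comment is being touched, the memset at the top of mbedtls_mpi_core_mul in the bignum_core.c hunk means the output must not overlap either input, and the description does not say so; adding `\p X must not overlap \p A or \p B.` to the X parameter would pin that down now that the function carries the un-suffixed name rather than the MPI_CORE(mul) `_minimal` spelling. The trailing context shows the next Doxygen block beginning, so the hunk appears to end here, but the declaration it introduces is outside SOURCE.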