From 6cb4f0fe08d7d74d9a781ede826ae5e9816bba54 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 26 Jul 2021 09:34:56 +1000 Subject: [PATCH] ECC: ecc point multiply doesn't handle large multipliers Detect large multiplier and return error. --- wolfcrypt/src/ecc.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 83256a893..4db240638 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -3036,6 +3036,12 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, goto exit; } + /* k can't have more bits than modulus count plus 1 */ + if (mp_count_bits(k) > mp_count_bits(modulus) + 1) { + err = ECC_OUT_OF_RANGE_E; + goto exit; + } + #ifdef WOLFSSL_SMALL_STACK_CACHE if (key == NULL) { err = MP_MEM; @@ -3170,6 +3176,11 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, return ECC_BAD_ARG_E; } + /* k can't have more bits than order */ + if (mp_count_bits(k) > mp_count_bits(order)) { + return ECC_OUT_OF_RANGE_E; + } + /* init variables */ tG = NULL; XMEMSET(M, 0, sizeof(M)); @@ -10675,6 +10686,11 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, return ECC_BAD_ARG_E; } + /* k can't have more bits than modulus count plus 1 */ + if (mp_count_bits(k) > mp_count_bits(modulus) + 1) { + return ECC_OUT_OF_RANGE_E; + } + if (mp_init(&mu) != MP_OKAY) return MP_INIT_E; @@ -10785,14 +10801,14 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, return ECC_BAD_ARG_E; } - if (mp_init(&mu) != MP_OKAY) - return MP_INIT_E; - /* k can't have more bits than order */ if (mp_count_bits(k) > mp_count_bits(order)) { return ECC_OUT_OF_RANGE_E; } + if (mp_init(&mu) != MP_OKAY) + return MP_INIT_E; + #ifndef HAVE_THREAD_LS if (initMutex == 0) { /* extra sanity check if wolfCrypt_Init not called */ wc_InitMutex(&ecc_fp_lock);