mpi_exp_mod: fix out of bounds access
The table size was set before the configured window size bound was applied which lead to out of bounds access when the configured window size bound is less. Signed-off-by: Janos Follath <janos.follath@arm.com>
This commit is contained in:
Janos Follath
parent
9c09326572
commit
060009518b
1 changed files with 2 additions and 1 deletions
|
|
@ -2005,13 +2005,14 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
|
|||
|
||||
window_bitsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 :
|
||||
( i > 79 ) ? 4 : ( i > 23 ) ? 3 : 1;
|
||||
const size_t w_table_used_size = ( (size_t)1 << window_bitsize ) + 1;
|
||||
|
||||
#if( MBEDTLS_MPI_WINDOW_SIZE < 6 )
|
||||
if( window_bitsize > MBEDTLS_MPI_WINDOW_SIZE )
|
||||
window_bitsize = MBEDTLS_MPI_WINDOW_SIZE;
|
||||
#endif
|
||||
|
||||
const size_t w_table_used_size = ( (size_t) 1 << window_bitsize ) + 1;
|
||||
|
||||
/*
|
||||
* This function is not constant-trace: its memory accesses depend on the
|
||||
* exponent value. To defend against timing attacks, callers (such as RSA
|
||||
|
|
|
|||
Loading…
Reference in a new issue