mpi_exp_mod: fix out of bounds access The table size was set before the configured window size bound was applied which lead to out of bounds access when the configured window size bound is less. Signed-off-by: Janos Follath <janos.follath@arm.com>

commit: 060009518b8cd6c65f0b32ae02da831235c7ef2a [log] [tgz]
author: Janos Follath <janos.follath@arm.com> Tue Nov 22 10:18:06 2022 +0000
committer: Janos Follath <janos.follath@arm.com> Tue Nov 22 15:04:11 2022 +0000
tree: 8d59d80e30b193cb4aa2357e707dc4593660356b
parent: 9c09326572b9baaac9530f9bd688c65ca241c010 [diff]
diff --git a/library/bignum.c b/library/bignum.c
index 53d1649..618da37 100644
--- a/library/bignum.c
+++ b/library/bignum.c

@@ -2005,13 +2005,14 @@
 
     window_bitsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 :
             ( i >  79 ) ? 4 : ( i >  23 ) ? 3 : 1;
-    const size_t w_table_used_size = ( (size_t)1 << window_bitsize ) + 1;
 
 #if( MBEDTLS_MPI_WINDOW_SIZE < 6 )
     if( window_bitsize > MBEDTLS_MPI_WINDOW_SIZE )
         window_bitsize = MBEDTLS_MPI_WINDOW_SIZE;
 #endif
 
+    const size_t w_table_used_size = ( (size_t) 1 << window_bitsize ) + 1;
+
     /*
      * This function is not constant-trace: its memory accesses depend on the
      * exponent value. To defend against timing attacks, callers (such as RSA
commit	060009518b8cd6c65f0b32ae02da831235c7ef2a	[log] [tgz]
author	Janos Follath <janos.follath@arm.com>	Tue Nov 22 10:18:06 2022 +0000
committer	Janos Follath <janos.follath@arm.com>	Tue Nov 22 15:04:11 2022 +0000
tree	8d59d80e30b193cb4aa2357e707dc4593660356b
parent	9c09326572b9baaac9530f9bd688c65ca241c010 [diff]