commit 381d4ba03be79df1a3d2777aa74cdf11f5d0b5b5
author Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Mon Aug 04 10:57:13 2025 +0200
committer Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Wed Aug 13 09:01:45 2025 +0200
tree 6fec4d5e74a535df28cf8742a13064ebed9259e2
parent c6a9d845555e229d224d15b3f8a8370390e9ef6e

Make mbedtls_mpi_gcd() more consistent

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

library/bignum.c

diff --git a/library/bignum.c b/library/bignum.c
index 7d5103e..96cade4 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1834,18 +1834,19 @@
     MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, B));
     TA.s = TB.s = 1;
 
-    /* Handle special cases (that don't happen in crypto usage) */
-    if (mbedtls_mpi_core_check_zero_ct(A.p, A.n) == MBEDTLS_CT_FALSE) {
-        return mbedtls_mpi_copy(G, TB); // GCD(0, B) = abs(B)
-    }
-    if (mbedtls_mpi_core_check_zero_ct(B.p, B.n) == MBEDTLS_CT_FALSE) {
-        return mbedtls_mpi_copy(G, A); // GCD(A, 0) = A (for now)
-    }
-
-    /* Make the two values the same (non-zero) number of limbs */
+    /* Make the two values the same (non-zero) number of limbs.
+     * This is needed to use mbedtls_mpi_core functions below. */
     MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&TA, TB.n != 0 ? TB.n : 1));
     MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&TB, TA.n)); // non-zero from above
 
+    /* Handle special cases (that don't happen in crypto usage) */
+    if (mbedtls_mpi_core_check_zero_ct(TA.p, TA.n) == MBEDTLS_CT_FALSE) {
+        return mbedtls_mpi_copy(G, &TB); // GCD(0, B) = abs(B)
+    }
+    if (mbedtls_mpi_core_check_zero_ct(TB.p, TB.n) == MBEDTLS_CT_FALSE) {
+        return mbedtls_mpi_copy(G, &TA); // GCD(A, 0) = abs(A)
+    }
+
     const size_t za = mbedtls_mpi_lsb(&TA);
     const size_t zb = mbedtls_mpi_lsb(&TB);