commit afb20796524f5bb746f4e0ee7e4e92a1e90cd380
author Janos Follath <janos.follath@arm.com> Tue Aug 20 10:41:55 2024 +0100
committer Janos Follath <janos.follath@arm.com> Tue Aug 20 11:00:51 2024 +0100
tree 3cee2dfc4104244e6c9c3f8aeb01e3c6bdf4f347
parent 8786dd79f715f52444088858ad1e2eb79dd9f25c

Clean up initialization in _core_exp_mod()

Signed-off-by: Janos Follath <janos.follath@arm.com>

library/bignum_core.c

diff --git a/library/bignum_core.c b/library/bignum_core.c
index 2e2df37..4231554 100644
--- a/library/bignum_core.c
+++ b/library/bignum_core.c
@@ -765,11 +765,21 @@
                                                           size_t *E_bit_index)
 {
     if (E_public == MBEDTLS_MPI_IS_PUBLIC) {
+        /*
+         * Skip leading zero bits.
+         */
         size_t E_bits = mbedtls_mpi_core_bitlen(E, E_limbs);
-        if (E_bits != 0) {
-            *E_limb_index = E_bits / biL;
-            *E_bit_index = E_bits % biL;
+        if (E_bits == 0) {
+            /*
+             * If E is 0 mbedtls_mpi_core_bitlen() returns 0. Even if that is the case, we will want
+             * to represent it as a single 0 bit and as such the bitlength will be 1.
+             */
+            E_bits = 1;
         }
+
+        *E_limb_index = E_bits / biL;
+        *E_bit_index = E_bits % biL;
+
 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
         mbedtls_mpi_optionally_safe_codepath = MBEDTLS_MPI_IS_PUBLIC;
 #endif
@@ -847,8 +857,8 @@
     /* We'll process the bits of E from most significant
      * (limb_index=E_limbs-1, E_bit_index=biL-1) to least significant
      * (limb_index=0, E_bit_index=0). */
-    size_t E_limb_index = E_limbs;
-    size_t E_bit_index = 0;
+    size_t E_limb_index;
+    size_t E_bit_index;
     exp_mod_calc_first_bit_optionally_safe(E, E_limbs, E_public,
                                            &E_limb_index, &E_bit_index);