bignum_mod_raw: Adjusted OPT_RED limb size requirements for mod_raw_mul().
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c
index 5c855d0..3de5940 100644
--- a/library/bignum_mod_raw.c
+++ b/library/bignum_mod_raw.c
@@ -130,18 +130,25 @@
const mbedtls_mpi_mod_modulus *N,
mbedtls_mpi_uint *T)
{
- const size_t T_limbs = (N->limbs * 2);
+ /* Standard (A * B) multiplication stored into pre-allocated T
+ * buffer of fixed limb size of (2N + 1).
+
+ * The space may not not fully filled by when
+ * MBEDTLS_MPI_MOD_REP_OPT_RED is used, with most
+ * curves using (2N) limbs.
+ *
+ * The 521-bit Weierstrass curve is the only
+ * that which requires a limb size of (2N + 1). */
+ const size_t T_limbs = (N->bits == 521) ?
+ BITS_TO_LIMBS(N->bits * 2) + 1 :
+ BITS_TO_LIMBS(N->bits * 2);
+
switch (N->int_rep) {
case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
mbedtls_mpi_core_montmul(X, A, B, N->limbs, N->p, N->limbs,
N->rep.mont.mm, T);
break;
case MBEDTLS_MPI_MOD_REP_OPT_RED:
- /* Standard (A * B) multiplication stored into pre-allocated T
- * buffer of fixed size of ((2N + 1) * ciL) bytes.
-
- * The space is not fully filled by MBEDTLS_MPI_MOD_REP_OPT_RED
- * which requires at max (2N * ciL) bytes. */
mbedtls_mpi_core_mul(T, A, N->limbs, B, N->limbs);
/* Optimised Reduction */
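Review bot: The new `T_limbs` expression keys the scratch length on the literal `N->bits == 521`, and the comment above it gives sizes in terms of "N" while the code derives them from `N->bits`, so a reader cannot check that the length stays within the limbs written by `mbedtls_mpi_core_mul(T, A, N->limbs, B, N->limbs)` or within the caller's allocation of `T`. If `BITS_TO_LIMBS` rounds up to whole limbs, the 521-bit branch appears to evaluate to `2 * N->limbs` on both 32- and 64-bit limbs rather than one more than that, which is at odds with the "(2N + 1)" wording. I would state the bound next to the declaration, e.g. `/* T_limbs <= 2 * N->limbs + 1, the size callers allocate for T */`, fix the typos ("may not not fully filled by when", "the only that which"), and either name the 521 constant or say which reduction routine imposes it. The function body, including wherever `T_limbs` is consumed, continues past the end of this hunk.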