Improved on the fix of #309 and extended the test to cover subroutines.
diff --git a/library/bignum.c b/library/bignum.c
index 73ea453..8223b4c 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -893,12 +893,19 @@
if( X == B )
{
- const mpi *T;
+ if( B == A )
+ {
+ // Making a temporary copy instead of shifting by one to deny
+ // the possibility of corresponding side-channel attacks.
+ mpi TB;
- if( B == A)
- return mpi_shift_l( X, 1 );
+ mpi_init( &TB );
+ MBEDTLS_MPI_CHK( mpi_copy( &TB, B ) );
- T = A; A = X; B = T;
+ return mpi_add_abs( X, A, &TB );
+ }
+
+ B = A; A = X;
}
if( X != A )
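Review bot: `TB` is never released in the new `B == A` branch: `return mpi_add_abs( X, A, &TB );` leaves the function directly, and if `mpi_copy` fails, `MBEDTLS_MPI_CHK` presumably jumps to a `cleanup` label outside the hunk, where `TB` (declared in the inner block) is out of scope. Every call with all three operands aliased therefore leaks a heap copy of the operand, and for secret values that copy stays in memory uncleared. Keep the status in `ret` (assumed to be the function's existing status variable, since the macro already needs one), call `mpi_free( &TB )` on both the success and failure paths, then return. The enclosing function starts and ends outside the hunk.

```c
mpi TB;

mpi_init( &TB );
ret = mpi_copy( &TB, B );
if( ret == 0 )
    ret = mpi_add_abs( X, A, &TB );
mpi_free( &TB );    /* release the temporary on success and on failure */
return( ret );
```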
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index e972020..c0fdf8e 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
@@ -443,15 +443,24 @@
void mpi_add_mpi_inplace( int radix_X, char *input_X, int radix_A, char *input_A )
{
mpi X, A;
- mpi_init( &X ); mbedtls_mpi_init( &A );
+ mpi_init( &X ); mpi_init( &A );
+
+ TEST_ASSERT( mpi_read_string( &A, radix_A, input_A ) == 0 );
TEST_ASSERT( mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mpi_sub_abs( &X, &X, &X ) == 0 );
+ TEST_ASSERT( mpi_cmp_int( &X, 0 ) == 0 );
+
+ TEST_ASSERT( mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mpi_add_abs( &X, &X, &X ) == 0 );
+ TEST_ASSERT( mpi_cmp_mpi( &X, &A ) == 0 );
+
+ TEST_ASSERT( mpi_read_string( &X, radix_X, input_X ) == 0 );
TEST_ASSERT( mpi_add_mpi( &X, &X, &X ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &X, &A ) == 0 );
exit:
- mpi_free( &X ); mbedtls_mpi_free( &A );
+ mpi_free( &X ); mpi_free( &A );
}
/* END_CASE */
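Review bot: The new `mpi_add_abs( &X, &X, &X )` check compares its result with the same `A` that is the expected value of `mpi_add_mpi( &X, &X, &X )`, which holds only when `input_X` is non-negative. For a negative input, add_abs yields 2|X| while add_mpi yields 2X, so both assertions cannot pass against one `A`; whether the data file has such cases is not visible here. Comparing magnitudes in the add_abs step, `TEST_ASSERT( mpi_cmp_abs( &X, &A ) == 0 );`, keeps the case valid for signed inputs. The test also covers only the fully aliased call, so the `X == B`, `B != A` swap path changed in bignum.c still has no in-place test here.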