From 8176022b224a59d84ca5546d87e12222d212863f Mon Sep 17 00:00:00 2001 From: Shelly Liberman Date: Sun, 25 Oct 2020 18:48:06 +0200 Subject: [PATCH] Restore tinycrypt implementation of regularize_k() The fix is required to prevent array overrun Signed-off-by: Shelly Liberman --- tinycrypt/ecc.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tinycrypt/ecc.c b/tinycrypt/ecc.c index 1328ea2d1..ba4a3ac08 100644 --- a/tinycrypt/ecc.c +++ b/tinycrypt/ecc.c @@ -1610,10 +1610,20 @@ static void EccPoint_mult(uECC_word_t * result, const uECC_word_t * point, static uECC_word_t regularize_k(const uECC_word_t * const k, uECC_word_t *k0, uECC_word_t *k1) { + wordcount_t num_n_words = NUM_ECC_WORDS; bitcount_t num_n_bits = NUM_ECC_BITS; + /* With our constant NUM_ECC_BITS and NUM_ECC_WORDS the + * check (num_n_bits < ((bitcount_t)num_n_words * uECC_WORD_SIZE * 8) always would have "false" result (256 < 256), + * therefore Coverity warning may be detected. Removing of this line without changing the entire check will cause to + * array overrun. + * The entire check is not changed on purpose to be aligned with original tinycrypt + * implementation and to allow upstreaming to other curves if required. + * Coverity specific annotation may be added to silence warning if exists. + */ uECC_word_t carry = uECC_vli_add(k0, k, curve_n) || - uECC_vli_testBit(k0, num_n_bits); + (num_n_bits < ((bitcount_t)num_n_words * uECC_WORD_SIZE * 8) && + uECC_vli_testBit(k0, num_n_bits)); uECC_vli_add(k1, k0, curve_n);