Merge pull request #4189 from SparkiDev/sp_calc_vfy_check_ret

SP ECC: calc vfy point not check mod_inv return

wolfcrypt/src/sp_arm32.c

@@ -38327,14 +38327,13 @@ static int sp_256_calc_vfy_point_8(sp_point_256* p1, sp_point_256* p2,
     int err;
 
 #ifndef WOLFSSL_SP_SMALL
-    {
-        sp_256_mod_inv_8(s, s, p256_order);
-    }
+    err = sp_256_mod_inv_8(s, s, p256_order);
+    if (err == MP_OKAY)
 #endif /* !WOLFSSL_SP_SMALL */
     {
         sp_256_mul_8(s, s, p256_norm_order);
+        err = sp_256_mod_8(s, s, p256_order);
     }
-    err = sp_256_mod_8(s, s, p256_order);
     if (err == MP_OKAY) {
         sp_256_norm_8(s);
 #ifdef WOLFSSL_SP_SMALL
@@ -38343,15 +38342,15 @@ static int sp_256_calc_vfy_point_8(sp_point_256* p1, sp_point_256* p2,
             sp_256_mont_mul_order_8(u1, u1, s);
             sp_256_mont_mul_order_8(u2, u2, s);
         }
-
 #else
         {
             sp_256_mont_mul_order_8(u1, u1, s);
             sp_256_mont_mul_order_8(u2, u2, s);
         }
-
 #endif /* WOLFSSL_SP_SMALL */
+        {
             err = sp_256_ecc_mulmod_base_8(p1, u1, 0, 0, heap);
+        }
     }
     if ((err == MP_OKAY) && sp_256_iszero_8(p1->z)) {
         p1->infinity = 1;
@@ -47612,14 +47611,13 @@ static int sp_384_calc_vfy_point_12(sp_point_384* p1, sp_point_384* p2,
     int err;
 
 #ifndef WOLFSSL_SP_SMALL
-    {
-        sp_384_mod_inv_12(s, s, p384_order);
-    }
+    err = sp_384_mod_inv_12(s, s, p384_order);
+    if (err == MP_OKAY)
 #endif /* !WOLFSSL_SP_SMALL */
     {
         sp_384_mul_12(s, s, p384_norm_order);
+        err = sp_384_mod_12(s, s, p384_order);
     }
-    err = sp_384_mod_12(s, s, p384_order);
     if (err == MP_OKAY) {
         sp_384_norm_12(s);
 #ifdef WOLFSSL_SP_SMALL
@@ -47628,15 +47626,15 @@ static int sp_384_calc_vfy_point_12(sp_point_384* p1, sp_point_384* p2,
             sp_384_mont_mul_order_12(u1, u1, s);
             sp_384_mont_mul_order_12(u2, u2, s);
         }
-
 #else
         {
             sp_384_mont_mul_order_12(u1, u1, s);
             sp_384_mont_mul_order_12(u2, u2, s);
         }
-
 #endif /* WOLFSSL_SP_SMALL */
+        {
             err = sp_384_ecc_mulmod_base_12(p1, u1, 0, 0, heap);
+        }
     }
     if ((err == MP_OKAY) && sp_384_iszero_12(p1->z)) {
         p1->infinity = 1;

wolfcrypt/src/sp_arm64.c

@@ -38508,14 +38508,13 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
     int err;
 
 #ifndef WOLFSSL_SP_SMALL
-    {
-        sp_256_mod_inv_4(s, s, p256_order);
-    }
+    err = sp_256_mod_inv_4(s, s, p256_order);
+    if (err == MP_OKAY)
 #endif /* !WOLFSSL_SP_SMALL */
     {
         sp_256_mul_4(s, s, p256_norm_order);
+        err = sp_256_mod_4(s, s, p256_order);
     }
-    err = sp_256_mod_4(s, s, p256_order);
     if (err == MP_OKAY) {
         sp_256_norm_4(s);
 #ifdef WOLFSSL_SP_SMALL
@@ -38524,15 +38523,15 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
             sp_256_mont_mul_order_4(u1, u1, s);
             sp_256_mont_mul_order_4(u2, u2, s);
         }
-
 #else
         {
             sp_256_mont_mul_order_4(u1, u1, s);
             sp_256_mont_mul_order_4(u2, u2, s);
         }
-
 #endif /* WOLFSSL_SP_SMALL */
+        {
             err = sp_256_ecc_mulmod_base_4(p1, u1, 0, 0, heap);
+        }
     }
     if ((err == MP_OKAY) && sp_256_iszero_4(p1->z)) {
         p1->infinity = 1;
@@ -64152,14 +64151,13 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2,
     int err;
 
 #ifndef WOLFSSL_SP_SMALL
-    {
-        sp_384_mod_inv_6(s, s, p384_order);
-    }
+    err = sp_384_mod_inv_6(s, s, p384_order);
+    if (err == MP_OKAY)
 #endif /* !WOLFSSL_SP_SMALL */
     {
         sp_384_mul_6(s, s, p384_norm_order);
+        err = sp_384_mod_6(s, s, p384_order);
     }
-    err = sp_384_mod_6(s, s, p384_order);
     if (err == MP_OKAY) {
         sp_384_norm_6(s);
 #ifdef WOLFSSL_SP_SMALL
@@ -64168,15 +64166,15 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2,
             sp_384_mont_mul_order_6(u1, u1, s);
             sp_384_mont_mul_order_6(u2, u2, s);
         }
-
 #else
         {
             sp_384_mont_mul_order_6(u1, u1, s);
             sp_384_mont_mul_order_6(u2, u2, s);
         }
-
 #endif /* WOLFSSL_SP_SMALL */
+        {
             err = sp_384_ecc_mulmod_base_6(p1, u1, 0, 0, heap);
+        }
     }
     if ((err == MP_OKAY) && sp_384_iszero_6(p1->z)) {
         p1->infinity = 1;

wolfcrypt/src/sp_armthumb.c

@@ -44151,14 +44151,13 @@ static int sp_256_calc_vfy_point_8(sp_point_256* p1, sp_point_256* p2,
     int err;
 
 #ifndef WOLFSSL_SP_SMALL
-    {
-        sp_256_mod_inv_8(s, s, p256_order);
-    }
+    err = sp_256_mod_inv_8(s, s, p256_order);
+    if (err == MP_OKAY)
 #endif /* !WOLFSSL_SP_SMALL */
     {
         sp_256_mul_8(s, s, p256_norm_order);
+        err = sp_256_mod_8(s, s, p256_order);
     }
-    err = sp_256_mod_8(s, s, p256_order);
     if (err == MP_OKAY) {
         sp_256_norm_8(s);
 #ifdef WOLFSSL_SP_SMALL
@@ -44167,15 +44166,15 @@ static int sp_256_calc_vfy_point_8(sp_point_256* p1, sp_point_256* p2,
             sp_256_mont_mul_order_8(u1, u1, s);
             sp_256_mont_mul_order_8(u2, u2, s);
         }
-
 #else
         {
             sp_256_mont_mul_order_8(u1, u1, s);
             sp_256_mont_mul_order_8(u2, u2, s);
         }
-
 #endif /* WOLFSSL_SP_SMALL */
+        {
             err = sp_256_ecc_mulmod_base_8(p1, u1, 0, 0, heap);
+        }
     }
     if ((err == MP_OKAY) && sp_256_iszero_8(p1->z)) {
         p1->infinity = 1;
@@ -54557,14 +54556,13 @@ static int sp_384_calc_vfy_point_12(sp_point_384* p1, sp_point_384* p2,
     int err;
 
 #ifndef WOLFSSL_SP_SMALL
-    {
-        sp_384_mod_inv_12(s, s, p384_order);
-    }
+    err = sp_384_mod_inv_12(s, s, p384_order);
+    if (err == MP_OKAY)
 #endif /* !WOLFSSL_SP_SMALL */
     {
         sp_384_mul_12(s, s, p384_norm_order);
+        err = sp_384_mod_12(s, s, p384_order);
     }
-    err = sp_384_mod_12(s, s, p384_order);
     if (err == MP_OKAY) {
         sp_384_norm_12(s);
 #ifdef WOLFSSL_SP_SMALL
@@ -54573,15 +54571,15 @@ static int sp_384_calc_vfy_point_12(sp_point_384* p1, sp_point_384* p2,
             sp_384_mont_mul_order_12(u1, u1, s);
             sp_384_mont_mul_order_12(u2, u2, s);
         }
-
 #else
         {
             sp_384_mont_mul_order_12(u1, u1, s);
             sp_384_mont_mul_order_12(u2, u2, s);
         }
-
 #endif /* WOLFSSL_SP_SMALL */
+        {
             err = sp_384_ecc_mulmod_base_12(p1, u1, 0, 0, heap);
+        }
     }
     if ((err == MP_OKAY) && sp_384_iszero_12(p1->z)) {
         p1->infinity = 1;

wolfcrypt/src/sp_c32.c

@@ -25972,14 +25972,13 @@ static int sp_256_calc_vfy_point_9(sp_point_256* p1, sp_point_256* p2,
     int err;
 
 #ifndef WOLFSSL_SP_SMALL
-    {
-        sp_256_mod_inv_9(s, s, p256_order);
-    }
+    err = sp_256_mod_inv_9(s, s, p256_order);
+    if (err == MP_OKAY)
 #endif /* !WOLFSSL_SP_SMALL */
     {
         sp_256_mul_9(s, s, p256_norm_order);
+        err = sp_256_mod_9(s, s, p256_order);
     }
-    err = sp_256_mod_9(s, s, p256_order);
     if (err == MP_OKAY) {
         sp_256_norm_9(s);
 #ifdef WOLFSSL_SP_SMALL
@@ -25988,15 +25987,15 @@ static int sp_256_calc_vfy_point_9(sp_point_256* p1, sp_point_256* p2,
             sp_256_mont_mul_order_9(u1, u1, s);
             sp_256_mont_mul_order_9(u2, u2, s);
         }
-
 #else
         {
             sp_256_mont_mul_order_9(u1, u1, s);
             sp_256_mont_mul_order_9(u2, u2, s);
         }
-
 #endif /* WOLFSSL_SP_SMALL */
+        {
             err = sp_256_ecc_mulmod_base_9(p1, u1, 0, 0, heap);
+        }
     }
     if ((err == MP_OKAY) && sp_256_iszero_9(p1->z)) {
         p1->infinity = 1;
@@ -33763,14 +33762,13 @@ static int sp_384_calc_vfy_point_15(sp_point_384* p1, sp_point_384* p2,
     int err;
 
 #ifndef WOLFSSL_SP_SMALL
-    {
-        sp_384_mod_inv_15(s, s, p384_order);
-    }
+    err = sp_384_mod_inv_15(s, s, p384_order);
+    if (err == MP_OKAY)
 #endif /* !WOLFSSL_SP_SMALL */
     {
         sp_384_mul_15(s, s, p384_norm_order);
+        err = sp_384_mod_15(s, s, p384_order);
     }
-    err = sp_384_mod_15(s, s, p384_order);
     if (err == MP_OKAY) {
         sp_384_norm_15(s);
 #ifdef WOLFSSL_SP_SMALL
@@ -33779,15 +33777,15 @@ static int sp_384_calc_vfy_point_15(sp_point_384* p1, sp_point_384* p2,
             sp_384_mont_mul_order_15(u1, u1, s);
             sp_384_mont_mul_order_15(u2, u2, s);
         }
-
 #else
         {
             sp_384_mont_mul_order_15(u1, u1, s);
             sp_384_mont_mul_order_15(u2, u2, s);
         }
-
 #endif /* WOLFSSL_SP_SMALL */
+        {
             err = sp_384_ecc_mulmod_base_15(p1, u1, 0, 0, heap);
+        }
     }
     if ((err == MP_OKAY) && sp_384_iszero_15(p1->z)) {
         p1->infinity = 1;

wolfcrypt/src/sp_c64.c

@@ -27168,14 +27168,13 @@ static int sp_256_calc_vfy_point_5(sp_point_256* p1, sp_point_256* p2,
     int err;
 
 #ifndef WOLFSSL_SP_SMALL
-    {
-        sp_256_mod_inv_5(s, s, p256_order);
-    }
+    err = sp_256_mod_inv_5(s, s, p256_order);
+    if (err == MP_OKAY)
 #endif /* !WOLFSSL_SP_SMALL */
     {
         sp_256_mul_5(s, s, p256_norm_order);
+        err = sp_256_mod_5(s, s, p256_order);
     }
-    err = sp_256_mod_5(s, s, p256_order);
     if (err == MP_OKAY) {
         sp_256_norm_5(s);
 #ifdef WOLFSSL_SP_SMALL
@@ -27184,15 +27183,15 @@ static int sp_256_calc_vfy_point_5(sp_point_256* p1, sp_point_256* p2,
             sp_256_mont_mul_order_5(u1, u1, s);
             sp_256_mont_mul_order_5(u2, u2, s);
         }
-
 #else
         {
             sp_256_mont_mul_order_5(u1, u1, s);
             sp_256_mont_mul_order_5(u2, u2, s);
         }
-
 #endif /* WOLFSSL_SP_SMALL */
+        {
             err = sp_256_ecc_mulmod_base_5(p1, u1, 0, 0, heap);
+        }
     }
     if ((err == MP_OKAY) && sp_256_iszero_5(p1->z)) {
         p1->infinity = 1;
@@ -34390,14 +34389,13 @@ static int sp_384_calc_vfy_point_7(sp_point_384* p1, sp_point_384* p2,
     int err;
 
 #ifndef WOLFSSL_SP_SMALL
-    {
-        sp_384_mod_inv_7(s, s, p384_order);
-    }
+    err = sp_384_mod_inv_7(s, s, p384_order);
+    if (err == MP_OKAY)
 #endif /* !WOLFSSL_SP_SMALL */
     {
         sp_384_mul_7(s, s, p384_norm_order);
+        err = sp_384_mod_7(s, s, p384_order);
     }
-    err = sp_384_mod_7(s, s, p384_order);
     if (err == MP_OKAY) {
         sp_384_norm_7(s);
 #ifdef WOLFSSL_SP_SMALL
@@ -34406,15 +34404,15 @@ static int sp_384_calc_vfy_point_7(sp_point_384* p1, sp_point_384* p2,
             sp_384_mont_mul_order_7(u1, u1, s);
             sp_384_mont_mul_order_7(u2, u2, s);
         }
-
 #else
         {
             sp_384_mont_mul_order_7(u1, u1, s);
             sp_384_mont_mul_order_7(u2, u2, s);
         }
-
 #endif /* WOLFSSL_SP_SMALL */
+        {
             err = sp_384_ecc_mulmod_base_7(p1, u1, 0, 0, heap);
+        }
     }
     if ((err == MP_OKAY) && sp_384_iszero_7(p1->z)) {
         p1->infinity = 1;

wolfcrypt/src/sp_cortexm.c

@@ -23705,14 +23705,13 @@ static int sp_256_calc_vfy_point_8(sp_point_256* p1, sp_point_256* p2,
     int err;
 
 #ifndef WOLFSSL_SP_SMALL
-    {
-        sp_256_mod_inv_8(s, s, p256_order);
-    }
+    err = sp_256_mod_inv_8(s, s, p256_order);
+    if (err == MP_OKAY)
 #endif /* !WOLFSSL_SP_SMALL */
     {
         sp_256_mul_8(s, s, p256_norm_order);
+        err = sp_256_mod_8(s, s, p256_order);
     }
-    err = sp_256_mod_8(s, s, p256_order);
     if (err == MP_OKAY) {
         sp_256_norm_8(s);
 #ifdef WOLFSSL_SP_SMALL
@@ -23721,15 +23720,15 @@ static int sp_256_calc_vfy_point_8(sp_point_256* p1, sp_point_256* p2,
             sp_256_mont_mul_order_8(u1, u1, s);
             sp_256_mont_mul_order_8(u2, u2, s);
         }
-
 #else
         {
             sp_256_mont_mul_order_8(u1, u1, s);
             sp_256_mont_mul_order_8(u2, u2, s);
         }
-
 #endif /* WOLFSSL_SP_SMALL */
+        {
             err = sp_256_ecc_mulmod_base_8(p1, u1, 0, 0, heap);
+        }
     }
     if ((err == MP_OKAY) && sp_256_iszero_8(p1->z)) {
         p1->infinity = 1;
@@ -30936,14 +30935,13 @@ static int sp_384_calc_vfy_point_12(sp_point_384* p1, sp_point_384* p2,
     int err;
 
 #ifndef WOLFSSL_SP_SMALL
-    {
-        sp_384_mod_inv_12(s, s, p384_order);
-    }
+    err = sp_384_mod_inv_12(s, s, p384_order);
+    if (err == MP_OKAY)
 #endif /* !WOLFSSL_SP_SMALL */
     {
         sp_384_mul_12(s, s, p384_norm_order);
+        err = sp_384_mod_12(s, s, p384_order);
     }
-    err = sp_384_mod_12(s, s, p384_order);
     if (err == MP_OKAY) {
         sp_384_norm_12(s);
 #ifdef WOLFSSL_SP_SMALL
@@ -30952,15 +30950,15 @@ static int sp_384_calc_vfy_point_12(sp_point_384* p1, sp_point_384* p2,
             sp_384_mont_mul_order_12(u1, u1, s);
             sp_384_mont_mul_order_12(u2, u2, s);
         }
-
 #else
         {
             sp_384_mont_mul_order_12(u1, u1, s);
             sp_384_mont_mul_order_12(u2, u2, s);
         }
-
 #endif /* WOLFSSL_SP_SMALL */
+        {
             err = sp_384_ecc_mulmod_base_12(p1, u1, 0, 0, heap);
+        }
     }
     if ((err == MP_OKAY) && sp_384_iszero_12(p1->z)) {
         p1->infinity = 1;

wolfcrypt/src/sp_x86_64.c

@@ -23957,16 +23957,18 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
         sp_256_mod_inv_4(s, s, p256_order);
     }
 #endif /* !WOLFSSL_SP_SMALL */
+    {
 #ifdef HAVE_INTEL_AVX2
-    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
-        sp_256_mul_avx2_4(s, s, p256_norm_order);
-    }
-    else
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+            sp_256_mul_avx2_4(s, s, p256_norm_order);
+        }
+        else
 #endif
-    {
-        sp_256_mul_4(s, s, p256_norm_order);
+        {
+            sp_256_mul_4(s, s, p256_norm_order);
+        }
+        err = sp_256_mod_4(s, s, p256_order);
     }
-    err = sp_256_mod_4(s, s, p256_order);
     if (err == MP_OKAY) {
         sp_256_norm_4(s);
 #ifdef WOLFSSL_SP_SMALL
@@ -23983,7 +23985,6 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
             sp_256_mont_mul_order_4(u1, u1, s);
             sp_256_mont_mul_order_4(u2, u2, s);
         }
-
 #else
 #ifdef HAVE_INTEL_AVX2
         if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
@@ -23996,14 +23997,16 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2,
             sp_256_mont_mul_order_4(u1, u1, s);
             sp_256_mont_mul_order_4(u2, u2, s);
         }
-
 #endif /* WOLFSSL_SP_SMALL */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
             err = sp_256_ecc_mulmod_base_avx2_4(p1, u1, 0, 0, heap);
+        }
         else
 #endif
+        {
             err = sp_256_ecc_mulmod_base_4(p1, u1, 0, 0, heap);
+        }
     }
     if ((err == MP_OKAY) && sp_256_iszero_4(p1->z)) {
         p1->infinity = 1;
@@ -48535,20 +48538,21 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2,
 #endif
 
 #ifndef WOLFSSL_SP_SMALL
-    {
-        sp_384_mod_inv_6(s, s, p384_order);
-    }
+    err = sp_384_mod_inv_6(s, s, p384_order);
+    if (err == MP_OKAY)
 #endif /* !WOLFSSL_SP_SMALL */
+    {
 #ifdef HAVE_INTEL_AVX2
-    if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
-        sp_384_mul_avx2_6(s, s, p384_norm_order);
-    }
-    else
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+            sp_384_mul_avx2_6(s, s, p384_norm_order);
+        }
+        else
 #endif
-    {
-        sp_384_mul_6(s, s, p384_norm_order);
+        {
+            sp_384_mul_6(s, s, p384_norm_order);
+        }
+        err = sp_384_mod_6(s, s, p384_order);
     }
-    err = sp_384_mod_6(s, s, p384_order);
     if (err == MP_OKAY) {
         sp_384_norm_6(s);
 #ifdef WOLFSSL_SP_SMALL
@@ -48565,7 +48569,6 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2,
             sp_384_mont_mul_order_6(u1, u1, s);
             sp_384_mont_mul_order_6(u2, u2, s);
         }
-
 #else
 #ifdef HAVE_INTEL_AVX2
         if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
@@ -48578,14 +48581,16 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2,
             sp_384_mont_mul_order_6(u1, u1, s);
             sp_384_mont_mul_order_6(u2, u2, s);
         }
-
 #endif /* WOLFSSL_SP_SMALL */
 #ifdef HAVE_INTEL_AVX2
-        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+        if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
             err = sp_384_ecc_mulmod_base_avx2_6(p1, u1, 0, 0, heap);
+        }
         else
 #endif
+        {
             err = sp_384_ecc_mulmod_base_6(p1, u1, 0, 0, heap);
+        }
     }
     if ((err == MP_OKAY) && sp_384_iszero_6(p1->z)) {
         p1->infinity = 1;