authorJack Lloyd <[email protected]>2018-02-27 09:28:13 -0500
committerJack Lloyd <[email protected]>2018-02-27 09:32:06 -0500
commit74ca458b14d265b68ad25cf918aa216b3fa51103 (patch)
tree12384690d2d3deed8201040a877d8dbf7ab4b24c /src/lib/pubkey
parent5fcc1c70d7ae2b2bac8598629e576a7a484b770a (diff)
Fix overflow in monty_redc
OSS-Fuzz caught a bug introduced in 5fcc1c70d7a. bigint_monty_redc assumes z is 2*p_words+2 words long. Previously the implicit rounding up in grow_to ensured a resize would result in a sufficiently large value. OSS-Fuzz 6581 6588 6593
Diffstat (limited to 'src/lib/pubkey')
-rw-r--r--src/lib/pubkey/ec_group/curve_gfp.cpp8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/pubkey/ec_group/curve_gfp.cpp b/src/lib/pubkey/ec_group/curve_gfp.cpp
index a55741fb0..1bca04d07 100644
--- a/src/lib/pubkey/ec_group/curve_gfp.cpp
+++ b/src/lib/pubkey/ec_group/curve_gfp.cpp
@@ -82,7 +82,7 @@ void CurveGFp_Montgomery::curve_mul(BigInt& z, const BigInt& x, const BigInt& y,
return;
}
- const size_t output_size = 2*m_p_words + 1;
+ const size_t output_size = 2*m_p_words + 2;
ws.resize(2*(m_p_words+2));
if(z.size() < output_size)
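Review bot: The new `output_size` line encodes a buffer-size requirement of bigint_monty_redc (per the commit message, z must be 2*p_words+2 words long), but nothing at the definition says so, and the same literal is repeated in curve_sqr and in both CurveGFp_NIST hunks. I would add a comment such as `// bigint_monty_redc requires z to hold 2*p_words+2 words` here, and consider one shared helper or constant so the four sites cannot drift apart again. Because the earlier code was only correct thanks to rounding inside grow_to, an explicit check before the reduction, e.g. `BOTAN_ASSERT(z.size() >= output_size, "Output buffer large enough for reduction");`, would turn a future regression into an assertion failure rather than an overflow in the reduction. The commit message states the requirement only for the Montgomery path, so it is worth confirming and noting why the NIST reduction needs the same size. The body of curve_mul continues past the end of this hunk.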
@@ -106,7 +106,7 @@ void CurveGFp_Montgomery::curve_sqr(BigInt& z, const BigInt& x,
const size_t x_sw = x.sig_words();
BOTAN_ASSERT(x_sw <= m_p_words, "Input in range");
- const size_t output_size = 2*m_p_words + 1;
+ const size_t output_size = 2*m_p_words + 2;
ws.resize(2*(m_p_words+2));
@@ -165,7 +165,7 @@ void CurveGFp_NIST::curve_mul(BigInt& z, const BigInt& x, const BigInt& y,
}
const size_t p_words = get_p_words();
- const size_t output_size = 2*p_words + 1;
+ const size_t output_size = 2*p_words + 2;
ws.resize(2*(p_words+2));
@@ -188,7 +188,7 @@ void CurveGFp_NIST::curve_sqr(BigInt& z, const BigInt& x,
}
const size_t p_words = get_p_words();
- const size_t output_size = 2*p_words + 1;
+ const size_t output_size = 2*p_words + 2;
ws.resize(2*(p_words+2));