Make mp_get_digit refactor FIPS friendly.

kareem-wolfssl · kareem-wolfssl · commit 05aa4f5f08bb · 2025-06-17T10:12:06.000-07:00
diff --git a/tests/api/test_wolfmath.c b/tests/api/test_wolfmath.c
@@ -46,8 +46,13 @@ int test_mp_get_digit_count(void)
 
     ExpectIntEQ(mp_init(&a), 0);
 
+#ifdef HAVE_FIPS
+    ExpectIntEQ(get_digit_count(NULL), 0);
+    ExpectIntEQ(get_digit_count(&a), 0);
+#else
     ExpectIntEQ(mp_get_digit_count(NULL), 0);
     ExpectIntEQ(mp_get_digit_count(&a), 0);
+#endif
 
     mp_clear(&a);
 #endif
@@ -67,8 +72,13 @@ int test_mp_get_digit(void)
     XMEMSET(&a, 0, sizeof(mp_int));
 
     ExpectIntEQ(mp_init(&a), MP_OKAY);
+#ifdef HAVE_FIPS
+    ExpectIntEQ(get_digit(NULL, n), 0);
+    ExpectIntEQ(get_digit(&a, n), 0);
+#else
     ExpectIntEQ(mp_get_digit(NULL, n), 0);
     ExpectIntEQ(mp_get_digit(&a, n), 0);
+#endif
 
     mp_clear(&a);
 #endif
@@ -89,10 +99,17 @@ int test_mp_get_rand_digit(void)
 
     ExpectIntEQ(wc_InitRng(&rng), 0);
 
+#ifdef HAVE_FIPS
+    ExpectIntEQ(get_rand_digit(&rng, &d), 0);
+    ExpectIntEQ(get_rand_digit(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(get_rand_digit(NULL, &d), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(get_rand_digit(&rng, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#else
     ExpectIntEQ(mp_get_rand_digit(&rng, &d), 0);
     ExpectIntEQ(mp_get_rand_digit(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(mp_get_rand_digit(NULL, &d), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(mp_get_rand_digit(&rng, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
 
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
 #endif
diff --git a/wolfcrypt/src/wolfmath.c b/wolfcrypt/src/wolfmath.c
@@ -85,15 +85,23 @@ void mp_reverse(unsigned char *s, int len)
     }
 }
 
+#ifdef HAVE_FIPS
+int get_digit_count(const mp_int* a)
+#else
 int mp_get_digit_count(const mp_int* a)
+#endif
 {
     if (a == NULL)
         return 0;
 
     return (int)a->used;
 }
 
+#ifdef HAVE_FIPS
+mp_digit get_digit(const mp_int* a, int n)
+#else
 mp_digit mp_get_digit(const mp_int* a, int n)
+#endif
 {
     if (a == NULL)
         return 0;
@@ -138,10 +146,18 @@ int mp_cond_copy(mp_int* a, int copy, mp_int* b)
          * mp_get_digit() returns 0 when index greater than available digit.
          */
         for (i = 0; i < a->used; i++) {
+#ifdef HAVE_FIPS
+            b->dp[i] ^= (get_digit(a, (int)i) ^ get_digit(b, (int)i)) & mask;
+#else
             b->dp[i] ^= (mp_get_digit(a, (int)i) ^ mp_get_digit(b, (int)i)) & mask;
+#endif
         }
         for (; i < b->used; i++) {
+#ifdef HAVE_FIPS
+            b->dp[i] ^= (get_digit(a, (int)i) ^ get_digit(b, (int)i)) & mask;
+#else
             b->dp[i] ^= (mp_get_digit(a, (int)i) ^ mp_get_digit(b, (int)i)) & mask;
+#endif
         }
         b->used ^= (a->used ^ b->used) & (wc_mp_size_t)mask;
 #if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \
@@ -156,7 +172,11 @@ int mp_cond_copy(mp_int* a, int copy, mp_int* b)
 
 
 #ifndef WC_NO_RNG
+#ifdef HAVE_FIPS
+int get_rand_digit(WC_RNG* rng, mp_digit* d)
+#else
 int mp_get_rand_digit(WC_RNG* rng, mp_digit* d)
+#endif
 {
     return wc_RNG_GenerateBlock(rng, (byte*)d, sizeof(mp_digit));
 }
diff --git a/wolfssl/wolfcrypt/wolfmath.h b/wolfssl/wolfcrypt/wolfmath.h
@@ -83,9 +83,15 @@ This library provides big integer math functions.
 
 #if !defined(NO_BIG_INT)
 /* common math functions */
+#ifdef HAVE_FIPS
+MP_API int get_digit_count(const mp_int* a);
+MP_API mp_digit get_digit(const mp_int* a, int n);
+MP_API int get_rand_digit(WC_RNG* rng, mp_digit* d);
+#else
 MP_API int mp_get_digit_count(const mp_int* a);
 MP_API mp_digit mp_get_digit(const mp_int* a, int n);
 MP_API int mp_get_rand_digit(WC_RNG* rng, mp_digit* d);
+#endif
 WOLFSSL_LOCAL void mp_reverse(unsigned char *s, int len);
 
 WOLFSSL_API int mp_cond_copy(mp_int* a, int copy, mp_int* b);

Original file line number	Diff line number	Diff line change
`@@ -85,15 +85,23 @@ void mp_reverse(unsigned char *s, int len)`
`85`	`85`	`}`
`86`	`86`	`}`
`87`	`87`
	`88`	`+#ifdef HAVE_FIPS`
	`89`	`+int get_digit_count(const mp_int* a)`
	`90`	`+#else`
`88`	`91`	`int mp_get_digit_count(const mp_int* a)`
	`92`	`+#endif`
`89`	`93`	`{`
`90`	`94`	`if (a == NULL)`
`91`	`95`	`return 0;`
`92`	`96`
`93`	`97`	`return (int)a->used;`
`94`	`98`	`}`
`95`	`99`
	`100`	`+#ifdef HAVE_FIPS`
	`101`	`+mp_digit get_digit(const mp_int* a, int n)`
	`102`	`+#else`
`96`	`103`	`mp_digit mp_get_digit(const mp_int* a, int n)`
	`104`	`+#endif`
`97`	`105`	`{`
`98`	`106`	`if (a == NULL)`
`99`	`107`	`return 0;`
`@@ -138,10 +146,18 @@ int mp_cond_copy(mp_int* a, int copy, mp_int* b)`
`138`	`146`	`* mp_get_digit() returns 0 when index greater than available digit.`
`139`	`147`	`*/`
`140`	`148`	`for (i = 0; i < a->used; i++) {`
	`149`	`+#ifdef HAVE_FIPS`
	`150`	`+ b->dp[i] ^= (get_digit(a, (int)i) ^ get_digit(b, (int)i)) & mask;`
	`151`	`+#else`
`141`	`152`	`b->dp[i] ^= (mp_get_digit(a, (int)i) ^ mp_get_digit(b, (int)i)) & mask;`
	`153`	`+#endif`
`142`	`154`	`}`
`143`	`155`	`for (; i < b->used; i++) {`
	`156`	`+#ifdef HAVE_FIPS`
	`157`	`+ b->dp[i] ^= (get_digit(a, (int)i) ^ get_digit(b, (int)i)) & mask;`
	`158`	`+#else`
`144`	`159`	`b->dp[i] ^= (mp_get_digit(a, (int)i) ^ mp_get_digit(b, (int)i)) & mask;`
	`160`	`+#endif`
`145`	`161`	`}`
`146`	`162`	`b->used ^= (a->used ^ b->used) & (wc_mp_size_t)mask;`
`147`	`163`	`#if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) \|\| \`
`@@ -156,7 +172,11 @@ int mp_cond_copy(mp_int* a, int copy, mp_int* b)`
`156`	`172`
`157`	`173`
`158`	`174`	`#ifndef WC_NO_RNG`
	`175`	`+#ifdef HAVE_FIPS`
	`176`	`+int get_rand_digit(WC_RNG* rng, mp_digit* d)`
	`177`	`+#else`
`159`	`178`	`int mp_get_rand_digit(WC_RNG* rng, mp_digit* d)`
	`179`	`+#endif`
`160`	`180`	`{`
`161`	`181`	`return wc_RNG_GenerateBlock(rng, (byte*)d, sizeof(mp_digit));`
`162`	`182`	`}`