SP int: fixes from review by Claude#10235
Merged
dgarske merged 1 commit intowolfSSL:masterfrom Apr 16, 2026
Merged
Conversation
1. sp_cond_swap_ct_ex (line ~5524) — XOR typo: b->sign ^= b->sign always zeroed the sign. Fixed to b->sign ^= t->sign to correctly swap signs. 2. sp_mod_d (line ~7271) — Negative modulo correction was applied even when the remainder was 0. Added (*r != 0) guard to avoid producing d instead of 0. 3. sp_lshb (line ~8444) — Left-shift size check was off. Refactored to correctly distinguish between pure-digit shifts and bit-within-digit shifts when checking if the result fits, using separate overflow checks for each case. 4. _sp_mulmod_tmp (line ~12160) — Zero inputs caused an allocation of size 0, which is problematic. Added an early path: if either operand is zero, set result to zero and skip the allocation/multiply entirely. 5. sp_mod_2d — copy path (line ~14762) — XMEMCPY copied digits * SP_WORD_SIZEOF bytes but a may have fewer than digits used digits. Fixed to copy min(a->used, digits) digits to avoid reading uninitialized memory. 6. sp_mod_2d — negation loop (line ~14782) — Negation loop iterated over r->used, which could exceed digits. Fixed to loop over min(r->used, digits). 7. _sp_sqrmod (line ~17314) — Same zero-input issue as _sp_mulmod_tmp. Added early zero path to skip the allocation/squaring when input is zero. 8. sp_lcm (line ~19838) — Typo in sign check: b->sign >= MP_NEG (comparing against a value that is 1, so >= 1 would also match MP_ZPOS) changed to b->sign == MP_NEG.
SparkiDev
force-pushed
the
sp_int_fixes_6
branch
from
e289a95 to
c119a21
Compare
|
dgarske
approved these changes
Apr 16, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
zeroed the sign. Fixed to b->sign ^= t->sign to correctly swap signs.
when the remainder was 0. Added (*r != 0) guard to avoid producing d
instead of 0.
correctly distinguish between pure-digit shifts and bit-within-digit
shifts when checking if the result fits, using separate overflow checks
for each case.
size 0, which is problematic. Added an early path: if either operand is
zero, set result to zero and skip the allocation/multiply entirely.
SP_WORD_SIZEOF bytes but a may have fewer than digits used digits. Fixed
to copy min(a->used, digits) digits to avoid reading uninitialized
memory.
over r->used, which could exceed digits. Fixed to loop over min(r->used,
digits).
Added early zero path to skip the allocation/squaring when input is
zero.
(comparing against a value that is 1, so >= 1 would also match MP_ZPOS)
changed to b->sign == MP_NEG.
Testing
Standard