Merge branch 'master' into ecdsa

This required a bit of manual cleanup in hal.h, hash.c, and rsa.c.  No
intended changes to functionality provided by parent comments, just a
few tweaks to track API changes beyond git's ken.

1 files changed, 15 insertions, 7 deletions

diff --git a/rsa.c b/rsa.c
index b863fdd..3962a74 100644
--- a/rsa.c
+++ b/rsa.c
@@ -76,7 +76,7 @@
  */
 
 #ifndef HAL_RSA_USE_MODEXP
-#define HAL_RSA_USE_MODEXP 0
+#define HAL_RSA_USE_MODEXP 1
 #endif
 
 /*
@@ -169,7 +169,7 @@ static hal_error_t unpack_fp(const fp_int * const bn, uint8_t *buffer, const siz
  * wrap result back up as a bignum.
  */
 
-static hal_error_t modexp(const fp_int * const msg,
+static hal_error_t modexp(const fp_int * msg,
                           const fp_int * const exp,
                           const fp_int * const mod,
                           fp_int *res)
@@ -178,13 +178,21 @@ static hal_error_t modexp(const fp_int * const msg,
 
   assert(msg != NULL && exp != NULL && mod != NULL && res != NULL);
 
-  const size_t msg_len = fp_unsigned_bin_size(msg);
-  const size_t exp_len = fp_unsigned_bin_size(exp);
-  const size_t mod_len = fp_unsigned_bin_size(mod);
+  fp_int reduced_msg;
+
+  if (fp_cmp_mag(unconst_fp_int(msg), unconst_fp_int(mod)) != FP_LT) {
+    fp_init(&reduced_msg);
+    fp_mod(unconst_fp_int(msg), unconst_fp_int(mod), &reduced_msg);
+    msg = &reduced_msg;
+  }
 
-  const size_t len = (MAX(MAX(msg_len, exp_len), mod_len) + 3) & ~3;
+  const size_t exp_len = (fp_unsigned_bin_size(unconst_fp_int(exp)) + 3) & ~3;
+  const size_t mod_len = (fp_unsigned_bin_size(unconst_fp_int(mod)) + 3) & ~3;
 
-  uint8_t msgbuf[len], expbuf[len], modbuf[len], resbuf[len];
+  uint8_t msgbuf[mod_len];
+  uint8_t expbuf[exp_len];
+  uint8_t modbuf[mod_len];
+  uint8_t resbuf[mod_len];
 
   if ((err = unpack_fp(msg, msgbuf, sizeof(msgbuf))) != HAL_OK ||
       (err = unpack_fp(exp, expbuf, sizeof(expbuf))) != HAL_OK ||