[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Andy Polyakov
appro at openssl.org
Thu Jul 12 13:10:11 UTC 2018
The branch OpenSSL_1_1_0-stable has been updated
via 88af716e831fd7f76e2b2eab568905733b7c87eb (commit)
via 308447e3bdacd9ed55d5f8c4dd266d6aa75aab2b (commit)
via cc1fef6308ec6cb8ba6c00b20e4a8014d7847db2 (commit)
from dcb8333087d56eef97c482aabb506b8be8299cde (commit)
- Log -----------------------------------------------------------------
commit 88af716e831fd7f76e2b2eab568905733b7c87eb
Author: Andy Polyakov <appro at openssl.org>
Date: Fri Jul 6 14:54:34 2018 +0200
bn/bn_mont.c: improve readability of post-condition code.
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: David Benjamin <davidben at google.com>
(Merged from https://github.com/openssl/openssl/pull/6662)
(cherry picked from commit 6c90182a5f87af1a1e462536e7123ad2afb84c43)
commit 308447e3bdacd9ed55d5f8c4dd266d6aa75aab2b
Author: Andy Polyakov <appro at openssl.org>
Date: Fri Jul 6 13:46:07 2018 +0200
bn/bn_mont.c: move boundary condition check closer to caller.
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: David Benjamin <davidben at google.com>
(Merged from https://github.com/openssl/openssl/pull/6662)
(cherry picked from commit 3c97e4121ecec20cfac433883cd4709580a05620)
commit cc1fef6308ec6cb8ba6c00b20e4a8014d7847db2
Author: Andy Polyakov <appro at openssl.org>
Date: Fri Jul 6 13:16:40 2018 +0200
bn/bn_lib.c: remove bn_check_top from bn_expand2.
The trouble is that addition postpones expansion until the carry is
calculated, and if the addition carries, the top word can be zero, which
triggers the assertion in bn_check_top.
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: David Benjamin <davidben at google.com>
(Merged from https://github.com/openssl/openssl/pull/6662)
(cherry picked from commit e42395e637c3507b80b25c7ed63236898822d2f1)
-----------------------------------------------------------------------
Summary of changes:
crypto/bn/bn_lib.c | 5 -----
crypto/bn/bn_mont.c | 18 +++++++++---------
2 files changed, 9 insertions(+), 14 deletions(-)
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index c59bdb7..8fa9f2f 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -222,8 +222,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
const BN_ULONG *B;
int i;
- bn_check_top(b);
-
if (words > (INT_MAX / (4 * BN_BITS2))) {
BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
return NULL;
@@ -298,8 +296,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
BIGNUM *bn_expand2(BIGNUM *b, int words)
{
- bn_check_top(b);
-
if (words > b->dmax) {
BN_ULONG *a = bn_expand_internal(b, words);
if (!a)
@@ -312,7 +308,6 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
b->dmax = words;
}
- bn_check_top(b);
return b;
}
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index dad3d07..e1d2973 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -28,9 +28,9 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
{
BIGNUM *tmp;
int ret = 0;
-#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
int num = mont->N.top;
+#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
if (num > 1 && a->top == num && b->top == num) {
if (bn_wexpand(r, num) == NULL)
return (0);
@@ -43,6 +43,9 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
}
#endif
+ if ((a->top + b->top) > 2 * num)
+ return 0;
+
BN_CTX_start(ctx);
tmp = BN_CTX_get(ctx);
if (tmp == NULL)
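Review bot: The new operand-size check `if ((a->top + b->top) > 2 * num) return 0;` fails without putting anything on the error queue, so a caller that hands BN_mod_mul_montgomery operands wider than the modulus gets a bare 0 that is indistinguishable from the allocation failures on the surrounding lines. bn_expand_internal in this same commit reports its own size limit with `BNerr(..., BN_R_BIGNUM_TOO_LONG)`; a matching `BNerr(<function code for BN_mod_mul_montgomery>, BN_R_BIGNUM_TOO_LONG);` before the return would make the rejected input diagnosable. The check also now does the job that `if (i < 0) return 0;` used to do inside BN_from_montgomery_word, so a one-line comment above it, `/* bound r->top for BN_from_montgomery_word, which no longer checks it */`, would keep the two from drifting apart. The function body continues outside the hunk on both sides, and `num` comes from the declaration hoisted out of the #if in the previous hunk.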
@@ -95,8 +98,6 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
/* clear the top words of T */
i = max - r->top;
- if (i < 0)
- return 0;
if (i)
memset(&rp[r->top], 0, sizeof(*rp) * i);
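Review bot: With the early `return 0` gone, a negative `i = max - r->top` still satisfies the `if (i)` guard on the next line, and `sizeof(*rp) * i` then converts to a very large size_t while `&rp[r->top]` points beyond the `max` words presumably reserved just above, so this static function is now only safe when every caller guarantees r->top <= 2 * N.top. BN_mod_mul_montgomery enforces that after this commit, but any other path into BN_from_montgomery_word (BN_from_montgomery copying a caller-supplied value, if that is how it still arrives here — not visible in this diff) needs the same bound, or the removed check reappears as memory corruption rather than as a failed call. A precondition comment at the top of this block, `/* caller guarantees r->top <= max; see BN_mod_mul_montgomery */`, plus the same bound at any other entry point, would make the contract explicit. The function starts and ends outside the hunk.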
@@ -129,15 +130,14 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
*/
ap = &(r->d[nl]);
+ carry -= bn_sub_words(rp, ap, np, nl);
/*
- * |v| is one if |ap| - |np| underflowed or zero if it did not. Note |v|
- * cannot be -1. That would imply the subtraction did not fit in |nl| words,
- * and we know at most one subtraction is needed.
+ * |carry| is -1 if |ap| - |np| underflowed or zero if it did not. Note
+ * |carry| cannot be 1. That would imply the subtraction did not fit in
+ * |nl| words, and we know at most one subtraction is needed.
*/
- v = bn_sub_words(rp, ap, np, nl) - carry;
- v = 0 - v;
for (i = 0; i < nl; i++) {
- rp[i] = (v & ap[i]) | (~v & rp[i]);
+ rp[i] = (carry & ap[i]) | (~carry & rp[i]);
ap[i] = 0;
}
bn_correct_top(r);
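Review bot: The rewritten comment describes `carry` as -1, but the select on `rp[i] = (carry & ap[i]) | (~carry & rp[i]);` works only because that value is an all-ones word in BN_ULONG, which is presumably the declared type of `carry` (its declaration is above the hunk); saying so saves a reader from wondering how a signed -1 ends up in a bitmask. Suggested wording for the first sentence: `|carry| is all ones (i.e. -1 modulo the word size) if |ap| - |np| underflowed, or zero if it did not; the loop below uses it directly as a select mask.` The rest of the comment, about 1 being impossible, still holds as written. The function continues outside the hunk.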