[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Andy Polyakov appro at openssl.org
Thu Jul 12 13:10:11 UTC 2018


The branch OpenSSL_1_1_0-stable has been updated
       via  88af716e831fd7f76e2b2eab568905733b7c87eb (commit)
       via  308447e3bdacd9ed55d5f8c4dd266d6aa75aab2b (commit)
       via  cc1fef6308ec6cb8ba6c00b20e4a8014d7847db2 (commit)
      from  dcb8333087d56eef97c482aabb506b8be8299cde (commit)


- Log -----------------------------------------------------------------
commit 88af716e831fd7f76e2b2eab568905733b7c87eb
Author: Andy Polyakov <appro at openssl.org>
Date:   Fri Jul 6 14:54:34 2018 +0200

    bn/bn_mont.c: improve readability of post-condition code.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: David Benjamin <davidben at google.com>
    (Merged from https://github.com/openssl/openssl/pull/6662)
    
    (cherry picked from commit 6c90182a5f87af1a1e462536e7123ad2afb84c43)

commit 308447e3bdacd9ed55d5f8c4dd266d6aa75aab2b
Author: Andy Polyakov <appro at openssl.org>
Date:   Fri Jul 6 13:46:07 2018 +0200

    bn/bn_mont.c: move boundary condition check closer to caller.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: David Benjamin <davidben at google.com>
    (Merged from https://github.com/openssl/openssl/pull/6662)
    
    (cherry picked from commit 3c97e4121ecec20cfac433883cd4709580a05620)

commit cc1fef6308ec6cb8ba6c00b20e4a8014d7847db2
Author: Andy Polyakov <appro at openssl.org>
Date:   Fri Jul 6 13:16:40 2018 +0200

    bn/bn_lib.c: remove bn_check_top from bn_expand2.
    
    The trouble is that addition postpones expansion until the carry is
    calculated, and if the addition carries, the top word can be zero, which
    triggers the assertion in bn_check_top.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: David Benjamin <davidben at google.com>
    (Merged from https://github.com/openssl/openssl/pull/6662)
    
    (cherry picked from commit e42395e637c3507b80b25c7ed63236898822d2f1)

-----------------------------------------------------------------------

Summary of changes:
 crypto/bn/bn_lib.c  |  5 -----
 crypto/bn/bn_mont.c | 18 +++++++++---------
 2 files changed, 9 insertions(+), 14 deletions(-)

diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index c59bdb7..8fa9f2f 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -222,8 +222,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
     const BN_ULONG *B;
     int i;
 
-    bn_check_top(b);
-
     if (words > (INT_MAX / (4 * BN_BITS2))) {
         BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
         return NULL;
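Review bot: The debug check is dropped from bn_expand_internal here as well as from bn_expand2 (the two later hunks in this file, at its entry and exit), but the commit message names only bn_expand2, and nothing in the code records why expansion must now tolerate a zero top word. A one-line comment at the top of bn_expand2 would keep a future cleanup from reinstating the check: `/* No bn_check_top(b) here: addition expands before its carry is settled, so b->d[b->top - 1] may legitimately be zero at this point. */`. bn_expand_internal begins before this hunk and continues past it.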
@@ -298,8 +296,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
 
 BIGNUM *bn_expand2(BIGNUM *b, int words)
 {
-    bn_check_top(b);
-
     if (words > b->dmax) {
         BN_ULONG *a = bn_expand_internal(b, words);
         if (!a)
@@ -312,7 +308,6 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
         b->dmax = words;
     }
 
-    bn_check_top(b);
     return b;
 }
 
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index dad3d07..e1d2973 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -28,9 +28,9 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
 {
     BIGNUM *tmp;
     int ret = 0;
-#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
     int num = mont->N.top;
 
+#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
     if (num > 1 && a->top == num && b->top == num) {
         if (bn_wexpand(r, num) == NULL)
             return (0);
@@ -43,6 +43,9 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
     }
 #endif
 
+    if ((a->top + b->top) > 2 * num)
+        return 0;
+
     BN_CTX_start(ctx);
     tmp = BN_CTX_get(ctx);
     if (tmp == NULL)
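Review bot: The new guard returns 0 without saying what it protects, yet it is now the only thing standing between a caller and the unguarded memset in BN_from_montgomery_word once the `i < 0` test there is removed in the next hunk. A comment tying the bound to the callee makes the invariant explicit: `/* The product must fit in 2 * num words: BN_from_montgomery_word assumes r->top <= 2 * mont->N.top when it clears the upper half of r. */`. Consider also queuing an error with BNerr so callers can tell this rejection from an allocation failure; the existing bare `return (0)` in the assembler branch above presumably relies on bn_wexpand to have done that. BN_mod_mul_montgomery continues past this hunk.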
@@ -95,8 +98,6 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
 
     /* clear the top words of T */
     i = max - r->top;
-    if (i < 0)
-        return 0;
     if (i)
         memset(&rp[r->top], 0, sizeof(*rp) * i);
 
@@ -129,15 +130,14 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
      */
     ap = &(r->d[nl]);
 
+    carry -= bn_sub_words(rp, ap, np, nl);
     /*
-     * |v| is one if |ap| - |np| underflowed or zero if it did not. Note |v|
-     * cannot be -1. That would imply the subtraction did not fit in |nl| words,
-     * and we know at most one subtraction is needed.
+     * |carry| is -1 if |ap| - |np| underflowed or zero if it did not. Note
+     * |carry| cannot be 1. That would imply the subtraction did not fit in
+     * |nl| words, and we know at most one subtraction is needed.
      */
-    v = bn_sub_words(rp, ap, np, nl) - carry;
-    v = 0 - v;
     for (i = 0; i < nl; i++) {
-        rp[i] = (v & ap[i]) | (~v & rp[i]);
+        rp[i] = (carry & ap[i]) | (~carry & rp[i]);
         ap[i] = 0;
     }
     bn_correct_top(r);
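Review bot: The rewritten comment says `|carry|` is -1 or 0, but the select loop below only works if -1 means an all-ones BN_ULONG; `carry` is declared outside the hunk, so its unsignedness is not visible here and `~carry & rp[i]` would mix signedness if it were ever changed to a signed type. Spelling the unsigned reading out keeps the intent clear: `* |carry| is all ones (BN_ULONG -1) if |ap| - |np| underflowed, zero if it did not;` followed by the existing explanation. The comment now sits between the subtraction and the loop it governs, so it is worth adding that the loop keeps |ap| (the pre-subtraction value) when carry is set and the difference in rp otherwise. BN_from_montgomery_word begins before this hunk and ends after it.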

