The branch OpenSSL_1_1_0-stable has been updated via 88af716e831fd7f76e2b2eab568905733b7c87eb (commit) via 308447e3bdacd9ed55d5f8c4dd266d6aa75aab2b (commit) via cc1fef6308ec6cb8ba6c00b20e4a8014d7847db2 (commit) from dcb8333087d56eef97c482aabb506b8be8299cde (commit)
- Log ----------------------------------------------------------------- commit 88af716e831fd7f76e2b2eab568905733b7c87eb Author: Andy Polyakov <ap...@openssl.org> Date: Fri Jul 6 14:54:34 2018 +0200 bn/bn_mont.c: improve readability of post-condition code. Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: David Benjamin <david...@google.com> (Merged from https://github.com/openssl/openssl/pull/6662) (cherry picked from commit 6c90182a5f87af1a1e462536e7123ad2afb84c43) commit 308447e3bdacd9ed55d5f8c4dd266d6aa75aab2b Author: Andy Polyakov <ap...@openssl.org> Date: Fri Jul 6 13:46:07 2018 +0200 bn/bn_mont.c: move boundary condition check closer to caller. Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: David Benjamin <david...@google.com> (Merged from https://github.com/openssl/openssl/pull/6662) (cherry picked from commit 3c97e4121ecec20cfac433883cd4709580a05620) commit cc1fef6308ec6cb8ba6c00b20e4a8014d7847db2 Author: Andy Polyakov <ap...@openssl.org> Date: Fri Jul 6 13:16:40 2018 +0200 bn/bn_lib.c: remove bn_check_top from bn_expand2. Trouble is that addition is postponing expansion till carry is calculated, and if addition carries, top word can be zero, which triggers assertion in bn_check_top. Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: David Benjamin <david...@google.com> (Merged from https://github.com/openssl/openssl/pull/6662) (cherry picked from commit e42395e637c3507b80b25c7ed63236898822d2f1) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_lib.c | 5 ----- crypto/bn/bn_mont.c | 18 +++++++++--------- 2 files changed, 9 insertions(+), 14 deletions(-)
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index c59bdb7..8fa9f2f 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -222,8 +222,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
     const BN_ULONG *B;
     int i;
 
-    bn_check_top(b);
-
     if (words > (INT_MAX / (4 * BN_BITS2))) {
         BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
         return NULL;
@@ -298,8 +296,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
 
 BIGNUM *bn_expand2(BIGNUM *b, int words)
 {
-    bn_check_top(b);
-
     if (words > b->dmax) {
         BN_ULONG *a = bn_expand_internal(b, words);
         if (!a)
@@ -312,7 +308,6 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
         b->dmax = words;
     }
 
-    bn_check_top(b);
     return b;
 }
 
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index dad3d07..e1d2973 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -28,9 +28,9 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
 {
     BIGNUM *tmp;
     int ret = 0;
-#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
     int num = mont->N.top;
+#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
 
     if (num > 1 && a->top == num && b->top == num) {
         if (bn_wexpand(r, num) == NULL)
             return (0);
@@ -43,6 +43,9 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
     }
 #endif
 
+    if ((a->top + b->top) > 2 * num)
+        return 0;
+
     BN_CTX_start(ctx);
     tmp = BN_CTX_get(ctx);
     if (tmp == NULL)
@@ -95,8 +98,6 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
 
     /* clear the top words of T */
     i = max - r->top;
-    if (i < 0)
-        return 0;
     if (i)
         memset(&rp[r->top], 0, sizeof(*rp) * i);
 
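Review bot: With bn_check_top() dropped from bn_expand_internal() and from both ends of bn_expand2(), nothing left in the code states the relaxed contract that the commit message gives as the motivation, namely that `b` may arrive with a zero top word because addition postpones expansion until the carry is known; the same applies to the @@ -298 and @@ -312 hunks. The block comment above bn_expand2() (outside this hunk) is the natural place for it, e.g. `/* b need not be normalised on entry: callers may expand before the top word is settled */`, so the next maintainer does not reintroduce the check. As far as I recall bn_check_top() is a no-op outside BN_DEBUG builds, so the removal costs nothing at runtime, but it was the only consistency check these two functions had; `words > b->dmax` and the INT_MAX guard in bn_expand_internal() are now the only bounds left, which is worth saying in that comment too. The enclosing function bodies continue outside the hunks.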
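Review bot: The new guard `if ((a->top + b->top) > 2 * num) return 0;` in the @@ -43 hunk is stricter than the `i < 0` check it replaces in BN_from_montgomery_word(), because it bounds the operands' word counts rather than the product's: a pair whose tops sum to 2*num+1 but whose product still fits in 2*num words used to succeed and now fails. That is presumably harmless for reduced inputs (top <= num), but the precondition should be written down next to the check, e.g. `/* operands must be reduced: the product has to fit in the 2*num words the reduction below reserves */`. The early return also raises no error reason via BNerr, so a caller sees the same 0 as for an allocation failure; if the public API is expected to report this, queue a reason code here. Returning before BN_CTX_start() is correct, so there is no start/end imbalance.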
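Review bot: Removing `if (i < 0) return 0;` in the @@ -95 hunk leaves `sizeof(*rp) * i` in the memset two lines below as the only consumer of `i`, and a negative `i` converts to a huge size_t there. BN_mod_mul_montgomery() picks up the equivalent check in this commit, but BN_from_montgomery_word() is static and, as far as this diff shows, is also reached from BN_from_montgomery() (outside this hunk), which copies its `a` argument into `r` without validating `a->top` against 2 * mont->N.top. Unless that path is guarded somewhere not shown here, either keep a cheap `if (i < 0) return 0;` at this spot or add `if (a->top > 2 * mont->N.top) return 0;` in BN_from_montgomery(), so the word-count bound holds for every caller and not just one. The function continues on both sides of this hunk.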
@@ -129,15 +130,14 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
      */
     ap = &(r->d[nl]);
 
+    carry -= bn_sub_words(rp, ap, np, nl);
     /*
-     * |v| is one if |ap| - |np| underflowed or zero if it did not. Note |v|
-     * cannot be -1. That would imply the subtraction did not fit in |nl| words,
-     * and we know at most one subtraction is needed.
+     * |carry| is -1 if |ap| - |np| underflowed or zero if it did not. Note
+     * |carry| cannot be 1. That would imply the subtraction did not fit in
+     * |nl| words, and we know at most one subtraction is needed.
      */
-    v = bn_sub_words(rp, ap, np, nl) - carry;
-    v = 0 - v;
     for (i = 0; i < nl; i++) {
-        rp[i] = (v & ap[i]) | (~v & rp[i]);
+        rp[i] = (carry & ap[i]) | (~carry & rp[i]);
         ap[i] = 0;
     }
     bn_correct_top(r);
_____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
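Review bot: The rewritten comment describes `carry` as "-1" after `carry -= bn_sub_words(rp, ap, np, nl);`, but the select on the `rp[i]` line only works because `carry` is an unsigned BN_ULONG (its declaration is above this hunk) and so wraps to the all-ones word; a reader who has not seen the declaration will take "-1" literally. Adding `/* carry is unsigned: -1 here is the all-ones mask, 0 is no mask */` to the comment block would close that gap. It is also worth stating why a masked select is used instead of branching on `carry`, e.g. `/* branch-free select: timing must not depend on whether the subtraction underflowed */`, since the constant-time intent is what justifies the `(carry & ap[i]) | (~carry & rp[i])` form. BN_from_montgomery_word continues on both sides of this hunk.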