Clean up and simplify BN_mod_lshift{,_quick}().

BN_mod_lshift() already has a BN_CTX available, make use of it rather than calling BN_dup() and BN_free(). In BN_mod_lshift_quick(), BN_copy() already handles dst == src, so avoid checking this before the call. The max_shift == 0 case can also be handled without code duplication. And as with other *_quick() functions, use BN_ucmp() and BN_usub() directly given the 0 <= a < m constraint. ok tb@
author: jsing <> 2023-02-03 05:15:40 +0000
committer: jsing <> 2023-02-03 05:15:40 +0000
commit: 8c388cc76603dfe3b33db90e5d3790131a43777b (patch)
tree: 6e3d8f6695cdf826fe518436a21713b8dd9fa231 /src
parent: a881da8482cf1ded82dda8177f3be4c5a6f48ebc (diff)
download: openbsd-8c388cc76603dfe3b33db90e5d3790131a43777b.tar.gz
openbsd-8c388cc76603dfe3b33db90e5d3790131a43777b.tar.bz2
openbsd-8c388cc76603dfe3b33db90e5d3790131a43777b.zip
1 files changed, 34 insertions, 38 deletions
diff --git a/src/lib/libcrypto/bn/bn_mod.c b/src/lib/libcrypto/bn/bn_mod.c
index 762ffb5580..2072dd904f 100644
--- a/src/lib/libcrypto/bn/bn_mod.c
+++ b/src/lib/libcrypto/bn/bn_mod.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_mod.c,v 1.18 2023/02/03 05:10:57 jsing Exp $ */
+/* $OpenBSD: bn_mod.c,v 1.19 2023/02/03 05:15:40 jsing Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
 * for the OpenSSL project. */
 /* ====================================================================
@@ -253,64 +253,60 @@ BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
 int
 BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx)
 {
-        BIGNUM *abs_m = NULL;
+        BIGNUM *abs_m;
-        int ret;
+        int ret = 0;
+        BN_CTX_start(ctx);
        if (!BN_nnmod(r, a, m, ctx))
-                return 0;
+                goto err;
-        if (m->neg) {
+        if (BN_is_negative(m)) {
-                abs_m = BN_dup(m);
+                if ((abs_m = BN_CTX_get(ctx)) == NULL)
-                if (abs_m == NULL)
+                        goto err;
-                        return 0;
+                if (BN_copy(abs_m, m) == NULL)
-                abs_m->neg = 0;
+                        goto err;
+                BN_set_negative(abs_m, 0);
+                m = abs_m;
        }
+        if (!BN_mod_lshift_quick(r, r, n, m))
+                goto err;
-        ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));
+        ret = 1;
+ err:
+        BN_CTX_end(ctx);
-        BN_free(abs_m);
        return ret;
 }
-/* BN_mod_lshift variant that may be used if  a  is non-negative
+/*
- * and less than  m */
+ * BN_mod_lshift() variant that may be used if a is non-negative
+ * and has already been reduced (less than m).
+ */
 int
 BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)
 {
-        if (r != a) {
+        int max_shift;
-                if (BN_copy(r, a) == NULL)
-                        return 0;
-        }
-        while (n > 0) {
+        if (BN_copy(r, a) == NULL)
-                int max_shift;
+                return 0;
-                /* 0 < r < m */
-                max_shift = BN_num_bits(m) - BN_num_bits(r);
-                /* max_shift >= 0 */
-                if (max_shift < 0) {
+        while (n > 0) {
+                if ((max_shift = BN_num_bits(m) - BN_num_bits(r)) < 0) {
                        BNerror(BN_R_INPUT_NOT_REDUCED);
                        return 0;
                }
+                if (max_shift == 0)
+                        max_shift = 1;
                if (max_shift > n)
                        max_shift = n;
-                if (max_shift) {
+                if (!BN_lshift(r, r, max_shift))
-                        if (!BN_lshift(r, r, max_shift))
+                        return 0;
-                                return 0;
+                n -= max_shift;
-                        n -= max_shift;
-                } else {
-                        if (!BN_lshift1(r, r))
-                                return 0;
-                        --n;
-                }
-                /* BN_num_bits(r) <= BN_num_bits(m) */
-                if (BN_cmp(r, m) >= 0) {
+                if (BN_ucmp(r, m) >= 0) {
-                        if (!BN_sub(r, r, m))
+                        if (!BN_usub(r, r, m))
                                return 0;
                }
        }
author	jsing <>	2023-02-03 05:15:40 +0000
committer	jsing <>	2023-02-03 05:15:40 +0000
commit	8c388cc76603dfe3b33db90e5d3790131a43777b (patch)
tree	6e3d8f6695cdf826fe518436a21713b8dd9fa231 /src
parent	a881da8482cf1ded82dda8177f3be4c5a6f48ebc (diff)
download	openbsd-8c388cc76603dfe3b33db90e5d3790131a43777b.tar.gz openbsd-8c388cc76603dfe3b33db90e5d3790131a43777b.tar.bz2 openbsd-8c388cc76603dfe3b33db90e5d3790131a43777b.zip

diff --git a/src/lib/libcrypto/bn/bn_mod.c b/src/lib/libcrypto/bn/bn_mod.c index 762ffb5580..2072dd904f 100644 --- a/src/lib/libcrypto/bn/bn_mod.c +++ b/src/lib/libcrypto/bn/bn_mod.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bn_mod.c,v 1.18 2023/02/03 05:10:57 jsing Exp $ */	1	/* $OpenBSD: bn_mod.c,v 1.19 2023/02/03 05:15:40 jsing Exp $ */
2	/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>	2	/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
3	* for the OpenSSL project. */	3	* for the OpenSSL project. */
4	/* ====================================================================	4	/* ====================================================================
@@ -253,64 +253,60 @@ BN_mod_lshift1_quick(BIGNUM r, const BIGNUM a, const BIGNUM *m)
253	int	253	int
254	BN_mod_lshift(BIGNUM r, const BIGNUM a, int n, const BIGNUM m, BN_CTX ctx)	254	BN_mod_lshift(BIGNUM r, const BIGNUM a, int n, const BIGNUM m, BN_CTX ctx)
255	{	255	{
256	BIGNUM *abs_m = NULL;	256	BIGNUM *abs_m;
257	int ret;	257	int ret = 0;
		258
		259	BN_CTX_start(ctx);
258		260
259	if (!BN_nnmod(r, a, m, ctx))	261	if (!BN_nnmod(r, a, m, ctx))
260	return 0;	262	goto err;
261		263
262	if (m->neg) {	264	if (BN_is_negative(m)) {
263	abs_m = BN_dup(m);	265	if ((abs_m = BN_CTX_get(ctx)) == NULL)
264	if (abs_m == NULL)	266	goto err;
265	return 0;	267	if (BN_copy(abs_m, m) == NULL)
266	abs_m->neg = 0;	268	goto err;
		269	BN_set_negative(abs_m, 0);
		270	m = abs_m;
267	}	271	}
		272	if (!BN_mod_lshift_quick(r, r, n, m))
		273	goto err;
268		274
269	ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));	275	ret = 1;
		276	err:
		277	BN_CTX_end(ctx);
270		278
271	BN_free(abs_m);
272	return ret;	279	return ret;
273	}	280	}
274		281
275	/* BN_mod_lshift variant that may be used if a is non-negative	282	/*
276	* and less than m */	283	* BN_mod_lshift() variant that may be used if a is non-negative
		284	* and has already been reduced (less than m).
		285	*/
277	int	286	int
278	BN_mod_lshift_quick(BIGNUM r, const BIGNUM a, int n, const BIGNUM *m)	287	BN_mod_lshift_quick(BIGNUM r, const BIGNUM a, int n, const BIGNUM *m)
279	{	288	{
280	if (r != a) {	289	int max_shift;
281	if (BN_copy(r, a) == NULL)
282	return 0;
283	}
284		290
285	while (n > 0) {	291	if (BN_copy(r, a) == NULL)
286	int max_shift;	292	return 0;
287
288	/* 0 < r < m */
289	max_shift = BN_num_bits(m) - BN_num_bits(r);
290	/* max_shift >= 0 */
291		293
292	if (max_shift < 0) {	294	while (n > 0) {
		295	if ((max_shift = BN_num_bits(m) - BN_num_bits(r)) < 0) {
293	BNerror(BN_R_INPUT_NOT_REDUCED);	296	BNerror(BN_R_INPUT_NOT_REDUCED);
294	return 0;	297	return 0;
295	}	298	}
296		299	if (max_shift == 0)
		300	max_shift = 1;
297	if (max_shift > n)	301	if (max_shift > n)
298	max_shift = n;	302	max_shift = n;
299		303
300	if (max_shift) {	304	if (!BN_lshift(r, r, max_shift))
301	if (!BN_lshift(r, r, max_shift))	305	return 0;
302	return 0;	306	n -= max_shift;
303	n -= max_shift;
304	} else {
305	if (!BN_lshift1(r, r))
306	return 0;
307	--n;
308	}
309
310	/* BN_num_bits(r) <= BN_num_bits(m) */
311		307
312	if (BN_cmp(r, m) >= 0) {	308	if (BN_ucmp(r, m) >= 0) {
313	if (!BN_sub(r, r, m))	309	if (!BN_usub(r, r, m))
314	return 0;	310	return 0;
315	}	311	}
316	}	312	}