Simplify BN_mod_{lshift1,sub}_quick().

The BN_mod_.*_quick() functions require that their inputs are non-negative and are already reduced. As such, they can and should use BN_ucmp() and BN_usub() instead of BN_cmp() and BN_add()/BN_sub() (which internally call BN_uadd()/BN_usub() and potentially BN_cmp()). ok tb@
author: jsing <> 2023-02-03 05:06:20 +0000
committer: jsing <> 2023-02-03 05:06:20 +0000
commit: e89b3fff04261fbe70d2fcb24f92e4689c8ce8f4 (patch)
tree: 64e3aa7df0ba5d330f8370d337810a97c6a04572 /src
parent: 83f58ecbf919acef70e84da8fd2f8f71544141fc (diff)
download: openbsd-e89b3fff04261fbe70d2fcb24f92e4689c8ce8f4.tar.gz
openbsd-e89b3fff04261fbe70d2fcb24f92e4689c8ce8f4.tar.bz2
openbsd-e89b3fff04261fbe70d2fcb24f92e4689c8ce8f4.zip
1 files changed, 19 insertions, 13 deletions
diff --git a/src/lib/libcrypto/bn/bn_mod.c b/src/lib/libcrypto/bn/bn_mod.c
index 8a660ff0dc..4a62715974 100644
--- a/src/lib/libcrypto/bn/bn_mod.c
+++ b/src/lib/libcrypto/bn/bn_mod.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_mod.c,v 1.16 2023/02/03 04:55:13 jsing Exp $ */
+/* $OpenBSD: bn_mod.c,v 1.17 2023/02/03 05:06:20 jsing Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
 * for the OpenSSL project. */
 /* ====================================================================
@@ -152,8 +152,10 @@ BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
        return BN_nnmod(r, r, m, ctx);
 }
-/* BN_mod_add variant that may be used if both  a  and  b  are non-negative
+/*
- * and less than  m */
+ * BN_mod_add() variant that may only be used if both a and b are non-negative
+ * and have already been reduced (less than m).
+ */
 int
 BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
 {
@@ -173,16 +175,18 @@ BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
        return BN_nnmod(r, r, m, ctx);
 }
-/* BN_mod_sub variant that may be used if both  a  and  b  are non-negative
+/*
- * and less than  m */
+ * BN_mod_sub() variant that may only be used if both a and b are non-negative
+ * and have already been reduced (less than m).
+ */
 int
 BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
 {
-        if (!BN_sub(r, a, b))
+        if (BN_ucmp(a, b) >= 0)
+                return BN_usub(r, a, b);
+        if (!BN_usub(r, b, a))
                return 0;
-        if (r->neg)
+        return BN_usub(r, m, r);
-                return BN_add(r, r, m);
-        return 1;
 }
 /* slow but works */
@@ -230,15 +234,17 @@ BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
        return BN_nnmod(r, r, m, ctx);
 }
-/* BN_mod_lshift1 variant that may be used if  a  is non-negative
+/*
- * and less than  m */
+ * BN_mod_lshift1() variant that may be used if a is non-negative
+ * and has already been reduced (less than m).
+ */
 int
 BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
 {
        if (!BN_lshift1(r, a))
                return 0;
-        if (BN_cmp(r, m) >= 0)
+        if (BN_ucmp(r, m) >= 0)
-                return BN_sub(r, r, m);
+                return BN_usub(r, r, m);
        return 1;
 }
author	jsing <>	2023-02-03 05:06:20 +0000
committer	jsing <>	2023-02-03 05:06:20 +0000
commit	e89b3fff04261fbe70d2fcb24f92e4689c8ce8f4 (patch)
tree	64e3aa7df0ba5d330f8370d337810a97c6a04572 /src
parent	83f58ecbf919acef70e84da8fd2f8f71544141fc (diff)
download	openbsd-e89b3fff04261fbe70d2fcb24f92e4689c8ce8f4.tar.gz openbsd-e89b3fff04261fbe70d2fcb24f92e4689c8ce8f4.tar.bz2 openbsd-e89b3fff04261fbe70d2fcb24f92e4689c8ce8f4.zip