From: jsing <jsing@openbsd.org>
Date: Fri, 3 Feb 2023 05:06:20 +0000 (+0000)
Subject: Simplify BN_mod_{lshift1,sub}_quick().
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=5169a775cb2b73f8e2adb91a445ca98af14c3e16;p=openbsd

Simplify BN_mod_{lshift1,sub}_quick().

The BN_mod_.*_quick() functions require that their inputs are non-negative
and are already reduced. As such, they can and should use BN_ucmp() and
BN_usub() instead of BN_cmp() and BN_add()/BN_sub() (which internally call
BN_uadd()/BN_usub() and potentially BN_cmp()).

ok tb@
---

diff --git a/lib/libcrypto/bn/bn_mod.c b/lib/libcrypto/bn/bn_mod.c
index 8a660ff0dcd..4a627159740 100644
--- a/lib/libcrypto/bn/bn_mod.c
+++ b/lib/libcrypto/bn/bn_mod.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_mod.c,v 1.16 2023/02/03 04:55:13 jsing Exp $ */
+/* $OpenBSD: bn_mod.c,v 1.17 2023/02/03 05:06:20 jsing Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
  * for the OpenSSL project. */
 /* ====================================================================
@@ -152,8 +152,10 @@ BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
 	return BN_nnmod(r, r, m, ctx);
 }
 
-/* BN_mod_add variant that may be used if both  a  and  b  are non-negative
- * and less than  m */
+/*
+ * BN_mod_add() variant that may only be used if both a and b are non-negative
+ * and have already been reduced (less than m).
+ */
 int
 BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
 {
@@ -173,16 +175,18 @@ BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
 	return BN_nnmod(r, r, m, ctx);
 }
 
-/* BN_mod_sub variant that may be used if both  a  and  b  are non-negative
- * and less than  m */
+/*
+ * BN_mod_sub() variant that may only be used if both a and b are non-negative
+ * and have already been reduced (less than m).
+ */
 int
 BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
 {
-	if (!BN_sub(r, a, b))
+	if (BN_ucmp(a, b) >= 0)
+		return BN_usub(r, a, b);
+	if (!BN_usub(r, b, a))
 		return 0;
-	if (r->neg)
-		return BN_add(r, r, m);
-	return 1;
+	return BN_usub(r, m, r);
 }
 
 /* slow but works */
@@ -230,15 +234,17 @@ BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
 	return BN_nnmod(r, r, m, ctx);
 }
 
-/* BN_mod_lshift1 variant that may be used if  a  is non-negative
- * and less than  m */
+/*
+ * BN_mod_lshift1() variant that may be used if a is non-negative
+ * and has already been reduced (less than m).
+ */
 int
 BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
 {
 	if (!BN_lshift1(r, a))
 		return 0;
-	if (BN_cmp(r, m) >= 0)
-		return BN_sub(r, r, m);
+	if (BN_ucmp(r, m) >= 0)
+		return BN_usub(r, r, m);
 	return 1;
 }