kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Document a conservative input range for Montgomery math functions.

Browse Source 
The functions appear to try to handle negative inputs, but it isn't
clear how negative inputs are supposed to work and/or if these
functions work the way they are supposed to given negative inputs.
There seems to be no legitimate reason to pass these functions negative
inputs, so just document that negative inputs shouldn't be used. More
specifically, document that the inputs should be in the range [0, n)
where |n| is the Montgomery modulus.

Change-Id: Id8732fb89616f10e673704e6fa09d78926c402d8
Reviewed-on: https://boringssl-review.googlesource.com/9033
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
Brian Smith 2016-07-30 21:17:10 -10:00 committed by CQ bot account: commit-bot@chromium.org
parent 899b9b19a4
commit 78f84f4e03
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
include/openssl/bn.h
View File

@ -780,19 +780,23 @@ OPENSSL_EXPORT int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod,
int BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_MUTEX *lock, int BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_MUTEX *lock,
const BIGNUM *mod, BN_CTX *bn_ctx); const BIGNUM *mod, BN_CTX *bn_ctx);
/* BN_to_montgomery sets |ret| equal to |a| in the Montgomery domain. It /* BN_to_montgomery sets |ret| equal to |a| in the Montgomery domain. |a| is
* returns one on success and zero on error. */ * assumed to be in the range [0, n), where |n| is the Montgomery modulus. It
* returns one on success or zero on error. */
OPENSSL_EXPORT int BN_to_montgomery(BIGNUM *ret, const BIGNUM *a, OPENSSL_EXPORT int BN_to_montgomery(BIGNUM *ret, const BIGNUM *a,
const BN_MONT_CTX *mont, BN_CTX *ctx); const BN_MONT_CTX *mont, BN_CTX *ctx);
/* BN_from_montgomery sets |ret| equal to |a| * R^-1, i.e. translates values /* BN_from_montgomery sets |ret| equal to |a| * R^-1, i.e. translates values out
* out of the Montgomery domain. It returns one on success or zero on error. */ * of the Montgomery domain. |a| is assumed to be in the range [0, n), where |n|
* is the Montgomery modulus. It returns one on success or zero on error. */
OPENSSL_EXPORT int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, OPENSSL_EXPORT int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a,
const BN_MONT_CTX *mont, BN_CTX *ctx); const BN_MONT_CTX *mont, BN_CTX *ctx);
/* BN_mod_mul_montgomery set |r| equal to |a| * |b|, in the Montgomery domain. /* BN_mod_mul_montgomery set |r| equal to |a| * |b|, in the Montgomery domain.
* Both |a| and |b| must already be in the Montgomery domain (by * Both |a| and |b| must already be in the Montgomery domain (by
* |BN_to_montgomery|). It returns one on success or zero on error. */ * |BN_to_montgomery|). In particular, |a| and |b| are assumed to be in the
* range [0, n), where |n| is the Montgomery modulus. It returns one on success
* or zero on error. */
OPENSSL_EXPORT int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, OPENSSL_EXPORT int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a,
const BIGNUM *b, const BIGNUM *b,
const BN_MONT_CTX *mont, BN_CTX *ctx); const BN_MONT_CTX *mont, BN_CTX *ctx);