author | Cesar Pereida Garcia <cesar.pereidagarcia@tut.fi> | 2019-10-16 12:10:18 +0300 |
---|---|---|
committer | Nicola Tuveri <nic.tuv@gmail.com> | 2019-10-17 14:25:10 +0300 |
commit | 8eba6de59e2b06f23c214344423a5a618d1c9ffd (patch) | |
tree | a34060ce108b855e9c96caea8106624dcc073184 /crypto/bn/bn_gcd.c | |
parent | cd32a0f5894344b6c8739a3586a20683a6bf2d5a (diff) |
Unify BN_rshift design

This commit aims at refactoring the `BN_rshift` by making it a wrapper
around `bn_rshift_fixed_top`, in order to match the current design of
`BN_lshift`, as suggested in the discussion at
https://github.com/openssl/openssl/pull/10122#discussion_r332474277 .

As described in the code, by refactoring this function, `BN_rshift`
provides a constant-time behavior for sufficiently[!] zero-padded inputs
under the following assumptions: `|n < BN_BITS2|` or `|n / BN_BITS2|`
being non-secret.

Notice that `BN_rshift` returns a canonical representation of the
BIGNUM; if a `fixed_top` representation is required, the caller should
call `bn_rshift_fixed_top` instead.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10196)

Diffstat (limited to 'crypto/bn/bn_gcd.c')
0 files changed, 0 insertions, 0 deletions
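
The split the commit message describes, as an added sketch on plain 64-bit word arrays (not OpenSSL's code and not part of this commit): a fixed-top shift that always writes the same number of words and handles the sub-word shift with a mask, plus a canonical wrapper that strips leading zero words. `WORD_BITS`, `rshift_fixed_top` and `rshift_canonical` are names assumed for illustration, and the sample value in `main` is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WORD_BITS 64u /* stands in for BN_BITS2 on a 64-bit build (assumption) */

/*
 * Fixed-top shift: r[0..top-1] = a[0..top-1] >> n, always writing `top` words.
 * nw = n / WORD_BITS is treated as non-secret (it selects which words are
 * read); the sub-word part rb is handled with a mask instead of a branch.
 * Safe for r == a, because word i only reads words at index >= i.
 */
void rshift_fixed_top(uint64_t *r, const uint64_t *a, size_t top, unsigned n)
{
    size_t nw = n / WORD_BITS, i;
    unsigned rb = n % WORD_BITS;
    unsigned lb = (WORD_BITS - rb) % WORD_BITS; /* never shift by 64 (undefined) */
    uint64_t mask = (uint64_t)0 - lb;           /* zero only when lb == 0 */

    mask |= mask >> 8;                          /* all-ones for every lb != 0 */
    for (i = 0; i < top; i++) {
        /* bounds checks depend only on i, nw and top, never on word values */
        uint64_t lo = (i + nw < top) ? a[i + nw] : 0;
        uint64_t hi = (i + nw + 1 < top) ? a[i + nw + 1] : 0;
        r[i] = (lo >> rb) | ((hi << lb) & mask);
    }
}

/*
 * Canonical wrapper: same shift, then drop leading zero words. The returned
 * word count depends on the value, which a fixed-top caller wants to avoid.
 */
size_t rshift_canonical(uint64_t *r, const uint64_t *a, size_t top, unsigned n)
{
    rshift_fixed_top(r, a, top, n);
    while (top > 0 && r[top - 1] == 0)
        top--;
    return top;
}

int main(void)
{
    /* constructed sample: a 2-word value zero-padded to 4 words */
    uint64_t a[4] = { 0x0123456789abcdefULL, 0xffULL, 0, 0 }, r[4];
    size_t used = rshift_canonical(r, a, 4, 68);

    printf("canonical words after >> 68: %zu (low word 0x%llx)\n",
           used, (unsigned long long)r[0]);
    return 0;
}
```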