authorAndy Polyakov <appro@openssl.org>2018-07-06 15:02:29 +0200
committerAndy Polyakov <appro@openssl.org>2018-07-12 14:52:05 +0200
commit305b68f1a2b6d4d0aa07a6ab47ac372f067a40bb (patch)
tree8dad9c5e9d9f41f89956e504abd72444c8563013 /crypto/bn/bn_sqr.c
parent6c90182a5f87af1a1e462536e7123ad2afb84c43 (diff)
bn/bn_lib.c: add BN_FLG_FIXED_TOP flag.
The new flag marks vectors that were not treated with bn_correct_top, in other words such vectors are permitted to be zero padded. For now it's BN_DEBUG-only flag, as initial use case for zero-padded vectors would be controlled Montgomery multiplication/exponentiation, not general purpose. For general purpose use another type might be more appropriate. Advantage of this suggestion is that it's possible to back-port it... bn/bn_div.c: fix memory sanitizer problem. bn/bn_sqr.c: harmonize with BN_mul. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: David Benjamin <davidben@google.com> (Merged from https://github.com/openssl/openssl/pull/6662)
Diffstat (limited to 'crypto/bn/bn_sqr.c')
-rw-r--r--crypto/bn/bn_sqr.c10
1 files changed, 2 insertions, 8 deletions
diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c
index dbfe9b82b1..40f7b23b4f 100644
--- a/crypto/bn/bn_sqr.c
+++ b/crypto/bn/bn_sqr.c
@@ -82,14 +82,8 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
}
rr->neg = 0;
- /*
- * If the most-significant half of the top word of 'a' is zero, then the
- * square of 'a' will max-1 words.
- */
- if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l))
- rr->top = max - 1;
- else
- rr->top = max;
+ rr->top = max;
+ bn_correct_top(rr);
if (r != rr && BN_copy(r, rr) == NULL)
goto err;
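Review bot: The added lines `rr->top = max;` and `bn_correct_top(rr);` replace a commented heuristic with an uncommented call, so the reason for the normalisation is no longer visible at this point in BN_sqr. A one-line comment would restore it, for example `/* top word of 'a' may be zero (padded input), so trim rr->top from the result words, as BN_mul does */`; the wording assumes that zero-padded inputs can reach BN_sqr, which the commit message implies but the hunk does not show. As far as I know bn_correct_top walks down from the top word until it finds a non-zero one, so the work done and the final rr->top still depend on the value of the square. That is worth stating in the comment for any caller that passes secret operands and expects the fixed-top behaviour described in the commit message. BN_sqr's body starts before and continues after this hunk, so whether a fixed-top path bypasses this call cannot be checked here.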