diff options
author | Andy Polyakov <appro@openssl.org> | 2018-07-06 15:02:29 +0200 |
---|---|---|
committer | Andy Polyakov <appro@openssl.org> | 2018-07-12 14:52:05 +0200 |
commit | 305b68f1a2b6d4d0aa07a6ab47ac372f067a40bb (patch) | |
tree | 8dad9c5e9d9f41f89956e504abd72444c8563013 /crypto/bn/bn_sqr.c | |
parent | 6c90182a5f87af1a1e462536e7123ad2afb84c43 (diff) |
bn/bn_lib.c: add BN_FLG_FIXED_TOP flag.
The new flag marks vectors that were not treated with bn_correct_top,
in other words such vectors are permitted to be zero padded. For now
it's BN_DEBUG-only flag, as initial use case for zero-padded vectors
would be controlled Montgomery multiplication/exponentiation, not
general purpose. For general purpose use another type might be more
appropriate. Advantage of this suggestion is that it's possible to
back-port it...
bn/bn_div.c: fix memory sanitizer problem.
bn/bn_sqr.c: harmonize with BN_mul.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
(Merged from https://github.com/openssl/openssl/pull/6662)
Diffstat (limited to 'crypto/bn/bn_sqr.c')
-rw-r--r-- | crypto/bn/bn_sqr.c | 10 |
1 files changed, 2 insertions, 8 deletions
diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c index dbfe9b82b1..40f7b23b4f 100644 --- a/crypto/bn/bn_sqr.c +++ b/crypto/bn/bn_sqr.c @@ -82,14 +82,8 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) } rr->neg = 0; - /* - * If the most-significant half of the top word of 'a' is zero, then the - * square of 'a' will max-1 words. - */ - if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l)) - rr->top = max - 1; - else - rr->top = max; + rr->top = max; + bn_correct_top(rr); if (r != rr && BN_copy(r, rr) == NULL) goto err; |