2020-10-29 Niels Möller <nisse@lysator.liu.se>
+ * ecc-mod.c (ecc_mod): More unified handling of final carry
+ folding. Also eliminates a goto statement.
+ * testsuite/ecc-mod-test.c (test_fixed): Add another test case
+
* blowfish.c (blowfish_set_key): Add casts to uint32_t. Avoids
undefined behavior, since shifting an 8-bit value left by 24 bits
overflows the range of signed int. Reported by Guido Vranken.
rp[rn-1] = rp[rn+sn-1]
+ mpn_add_n (rp + rn - sn - 1, rp + rn - sn - 1, rp + rn - 1, sn);
}
- goto final_limbs;
}
else
{
- /* The loop below always runs at least once. But the analyzer
- doesn't realize that, and complains about hi being used later
- on without a well defined value. */
-#ifdef __clang_analyzer__
- hi = 0;
-#endif
- while (rn >= 2 * mn - bn)
+ while (rn > 2 * mn - bn)
{
rn -= sn;
}
}
- if (rn > mn)
- {
- final_limbs:
- sn = rn - mn;
-
- for (i = 0; i < sn; i++)
- rp[mn+i] = mpn_addmul_1 (rp + i, m->B, bn, rp[mn+i]);
-
- hi = mpn_add_n (rp + bn, rp + bn, rp + mn, sn);
- hi = sec_add_1 (rp + bn + sn, rp + bn + sn, mn - bn - sn, hi);
- }
+ assert (rn > mn);
+ rn -= mn;
+ assert (rn <= sn);
+
+ for (i = 0; i < rn; i++)
+ rp[mn+i] = mpn_addmul_1 (rp + i, m->B, bn, rp[mn+i]);
+
+ hi = mpn_add_n (rp + bn, rp + bn, rp + mn, rn);
+ if (rn < sn)
+ hi = sec_add_1 (rp + bn + rn, rp + bn + rn, sn - rn, hi);
shift = m->size * GMP_NUMB_BITS - m->bit_size;
if (shift > 0)
}
else
{
- hi = mpn_cnd_add_n (hi, rp, rp, m->B_shifted, mn);
+ hi = mpn_cnd_add_n (hi, rp, rp, m->B, mn);
assert (hi == 0);
}
}
test_one ("p", &_nettle_secp_384r1.p, r);
test_one ("q", &_nettle_secp_384r1.q, r);
+ /* Triggered a carry bug in development version. */
+ mpz_set_str (r, "fffffffffffffffffffffffe00000fffffffffffffffffffffffffffe00000000000000000000000000000000000fffffffc000000000000000007ffffffffff", 16);
+ test_one ("p", &_nettle_secp_224r1.p, r);
+
mpz_clear (r);
}
projects / thirdparty / nettle.git / commitdiff
