More logical parameter order for mpi_sub_hlp

mpi_sub_hlp performs a subtraction A - B, but took parameters in the
order (B, A). Swap the parameters so that they match the usual
mathematical syntax.

This has the additional benefit of putting the output parameter (A)
first, which is the normal convention in this module.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2020-06-08 22:05:13 +02:00
parent ea9ba77e55
commit dc24cece12

View file

@ -1109,8 +1109,8 @@ cleanup:
* d -= s where d and s have the same size and d >= s. * d -= s where d and s have the same size and d >= s.
*/ */
static void mpi_sub_hlp( size_t n, static void mpi_sub_hlp( size_t n,
const mbedtls_mpi_uint *s, mbedtls_mpi_uint *d,
mbedtls_mpi_uint *d ) const mbedtls_mpi_uint *s )
{ {
size_t i; size_t i;
mbedtls_mpi_uint c, z; mbedtls_mpi_uint c, z;
@ -1162,7 +1162,7 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
if( B->p[n - 1] != 0 ) if( B->p[n - 1] != 0 )
break; break;
mpi_sub_hlp( n, B->p, X->p ); mpi_sub_hlp( n, X->p, B->p );
cleanup: cleanup:
@ -1768,7 +1768,7 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi
* timing attacks. */ * timing attacks. */
/* Set d to A + (2^biL)^n - N. */ /* Set d to A + (2^biL)^n - N. */
d[n] += 1; d[n] += 1;
mpi_sub_hlp( n, N->p, d ); mpi_sub_hlp( n, d, N->p );
/* Now d - (2^biL)^n = A - N so d >= (2^biL)^n iff A >= N. /* Now d - (2^biL)^n = A - N so d >= (2^biL)^n iff A >= N.
* So we want to copy the result of the subtraction iff d->p[n] != 0. * So we want to copy the result of the subtraction iff d->p[n] != 0.
* Note that d->p[n] is either 0 or 1 since A - N <= N <= (2^biL)^n. */ * Note that d->p[n] is either 0 or 1 since A - N <= N <= (2^biL)^n. */