Move to single subtract implementation
Signed-off-by: Eric Adamson <eadamson@fastmail.fm>
diff --git a/library/bignum.c b/library/bignum.c
index c9eda1e..41daf57 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1330,48 +1330,11 @@
/*
* Helper for mbedtls_mpi subtraction
*/
-static void mpi_sub_hlp( size_t n, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d )
+static void mpi_sub_hlp( const mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
{
size_t i;
- mbedtls_mpi_uint c, z;
-
- for( i = c = 0; i < n; i++, s++, d++ )
- {
- z = ( *d < c ); *d -= c;
- c = ( *d < *s ) + z; *d -= *s;
- }
-
- while( c != 0 )
- {
- z = ( *d < c ); *d -= c;
- c = z; d++;
- }
-}
-
-/*
- * Unsigned subtraction: X = |A| - |B| (HAC 14.9)
- */
-int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t i, width;
mbedtls_mpi_uint c = 0;
-
- MPI_VALIDATE_RET( X != NULL );
- MPI_VALIDATE_RET( A != NULL );
- MPI_VALIDATE_RET( B != NULL );
-
- if( mbedtls_mpi_cmp_abs( A, B ) < 0 )
- return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
-
- /*
- * X should always be positive as a result of unsigned subtractions.
- */
- X->s = 1;
- ret = 0;
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, A->n ) );
- width = A->n > B->n ? B->n : A->n;
+ size_t width = A->n > B->n ? B->n : A->n;
for( i = 0; i < width; i++ )
{
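Review bot: `X` is declared `const mbedtls_mpi *X` in the new signature even though the helper stores into its limbs (`X->p[i] = ...`, and the second hunk's tail zeroes `X->p[i]` up to `X->n`); the const only protects the struct header, so a reader takes `X` for an input when it is the output, and I would declare it `static void mpi_sub_hlp( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )`, which every visible caller already satisfies. The header comment `Helper for mbedtls_mpi subtraction` should also state the contract the helper now silently relies on, since the explicit `n` parameter is gone: something like `/* X = |A| - |B| on limbs only: assumes |A| >= |B| and X->n >= A->n; no validation, callers check both. */`. The limb loop and the rest of the body continue outside this hunk.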
@@ -1401,6 +1364,30 @@
{
X->p[i] = 0;
}
+}
+
+/*
+ * Unsigned subtraction: X = |A| - |B| (HAC 14.9)
+ */
+int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( A != NULL );
+ MPI_VALIDATE_RET( B != NULL );
+
+ if( mbedtls_mpi_cmp_abs( A, B ) < 0 )
+ return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
+
+ /*
+ * X should always be positive as a result of unsigned subtractions.
+ */
+ X->s = 1;
+ ret = 0;
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, A->n ) );
+ mpi_sub_hlp( X, A, B );
cleanup:
return( ret );
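Review bot: The call `mpi_sub_hlp( X, A, B )` is correct only because the line before it, `MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, A->n ) );`, guarantees `X->p` holds at least `A->n` limbs; the helper writes `X->p[i]` for every `i < A->n` (and then to `X->n`) without any capacity check, and the `mbedtls_mpi_cmp_abs( A, B ) < 0` test above is the only thing preventing a wrapped borrow. That coupling is invisible at the call site now that the width is no longer passed, so a one-line comment would help the next maintainer: `/* mpi_sub_hlp() writes X->p[0..A->n); the grow above provides the capacity and the cmp_abs check the sign. */`.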
@@ -2022,10 +2009,10 @@
memcpy( A->p, d, ( n + 1 ) * ciL );
if( mbedtls_mpi_cmp_abs( A, N ) >= 0 )
- mpi_sub_hlp( n, N->p, A->p );
+ mpi_sub_hlp( A, A, N );
else
/* prevent timing attacks */
- mpi_sub_hlp( n, A->p, T->p );
+ mpi_sub_hlp( T, T, A );
return( 0 );
}
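Review bot: The two calls in this hunk no longer perform the same amount of work, which weakens the equal-work intent of the `/* prevent timing attacks */` branch they sit in: `mpi_sub_hlp( A, A, N )` iterates over min(A->n, N->n) and then A->n limbs, while the dummy `mpi_sub_hlp( T, T, A )` iterates over min(T->n, A->n) and then T->n limbs, so the iteration counts now depend on the limb capacities of A, N and T instead of on the single `n` both old calls shared. If T and A are allocated with different limb counts (not visible in this hunk), the real and the dummy path become distinguishable by run time. Either keep an explicit limb-count parameter on the helper for this caller, or ensure T, A and N are grown to the same limb count before this point and say so in the comment. The enclosing function starts outside the hunk.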