Update mpi_gcd_invmod_odd() related comments/documentation
Signed-off-by: Felix Conway <felix.conway@arm.com>
diff --git a/library/bignum.c b/library/bignum.c
index 2f2ce6a..e141cda 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1764,7 +1764,7 @@
}
/* Check aliasing requirements */
- if (A == N || G == I || (I != NULL && (I == N || G == N))) {
+ if (A == N || (I != NULL && (I == N || G == N))) {
return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
}
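Review bot: Dropping `G == I` from the aliasing check changes which inputs are rejected, although the commit is titled as a comment/documentation update. Two cases that previously returned MBEDTLS_ERR_MPI_BAD_INPUT_DATA now pass this check: G and I both NULL, and G and I pointing at the same non-NULL mbedtls_mpi. How the rest of the function handles them is outside this hunk, and none of the test hunks in this diff exercises either case. If sharing one output object is meant to be supported, the note in bignum_internal.h (which only deletes the old restriction) should state what the caller gets back, e.g. `When G == I, the value left in the shared output is unspecified.`, adjusted to whatever the implementation actually guarantees; otherwise keep `G == I` in the condition. A test call with G == I would pin the intended behaviour.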
diff --git a/library/bignum_internal.h b/library/bignum_internal.h
index ee2220a..f3f6fcb 100644
--- a/library/bignum_internal.h
+++ b/library/bignum_internal.h
@@ -48,14 +48,14 @@
mbedtls_mpi *prec_RR);
/**
- * \brief Compute GCD(A, N) and/or A^-1 mod N if it exists,
- * in constant time.
+ * \brief A wrapper around a constant time function to compute
+ * GCD(A, N) and/or A^-1 mod N if it exists.
*
- * \warning Requires N to be odd, and 0 <= A <= N, and N > 1 if
- * I != NULL.
+ * \warning Requires N to be odd, and 0 <= A <= N. Additionally, if
+ * I != NULL, requires N > 1.
+ * The wrapper part of this function is not constant time.
*
- * \note G and I must not alias each other.
- * A and N must not alias each other.
+ * \note A and N must not alias each other.
* When I == NULL (computing only the GCD), G can alias A or N.
* When I != NULL (computing the modular inverse), G or I can
* alias A, but neither of them can alias N (the modulus).
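Review bot: The added sentence `The wrapper part of this function is not constant time.` does not say which operations make up the wrapper or which arguments their timing depends on. A caller passing a secret A or N therefore cannot tell from the header what may leak. The \warning should name them, for instance `The checks on A and N made before calling the constant-time core are not constant time.`, if that is what is meant. The function body is not in this hunk, so the wording needs confirming against bignum.c. The doc comment continues past the end of the hunk.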
diff --git a/tests/suites/test_suite_bignum.function b/tests/suites/test_suite_bignum.function
index 7454fb8..2a9d878 100644
--- a/tests/suites/test_suite_bignum.function
+++ b/tests/suites/test_suite_bignum.function
@@ -1162,6 +1162,8 @@
TEST_EQUAL(mbedtls_test_read_mpi(&A, input_A), 0);
TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0);
TEST_EQUAL(mbedtls_test_read_mpi(&exp_G, result_G), 0);
+ /* If there is no inverse then the value returned in I will be
+ * indeterminate, and so not useful or possible to test. */
if (has_inverse) {
TEST_EQUAL(mbedtls_test_read_mpi(&exp_I, result_I), 0);
}
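Review bot: The relocated comment still speaks of "the value returned in I", but it now sits above the code that reads the expected value, before the function has been called. Wording that matches its new position would read better, e.g. `/* Without an inverse, I is indeterminate on return, so there is no expected value to read. */`. The same applies to the moved comment in the hunk at -1287. The enclosing test function starts and ends outside this hunk.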
@@ -1171,8 +1173,6 @@
if (res == 0) {
TEST_ASSERT(sign_is_valid(&G));
TEST_EQUAL(mbedtls_mpi_cmp_mpi(&G, &exp_G), 0);
- /* If there is no inverse then the value returned in I will be
- * indeterminate, and so not useful or possible to test. */
if (has_inverse) {
TEST_ASSERT(sign_is_valid(&I));
TEST_EQUAL(mbedtls_mpi_cmp_mpi(&I, &exp_I), 0);
@@ -1186,8 +1186,6 @@
if (res == 0) {
TEST_ASSERT(sign_is_valid(&G));
TEST_EQUAL(mbedtls_mpi_cmp_mpi(&G, &exp_G), 0);
- /* If there is no inverse then the value returned in I will be
- * indeterminate, and so not useful or possible to test. */
if (has_inverse) {
TEST_ASSERT(sign_is_valid(&I));
TEST_EQUAL(mbedtls_mpi_cmp_mpi(&I, &exp_I), 0);
@@ -1206,8 +1204,6 @@
if (res == 0) {
TEST_ASSERT(sign_is_valid(&G));
TEST_EQUAL(mbedtls_mpi_cmp_mpi(&G, &exp_G), 0);
- /* If there is no inverse then the value returned in I will be
- * indeterminate, and so not useful or possible to test. */
if (has_inverse) {
TEST_ASSERT(sign_is_valid(&I));
TEST_EQUAL(mbedtls_mpi_cmp_mpi(&I, &exp_I), 0);
@@ -1287,14 +1283,14 @@
mbedtls_mpi_init(&exp_I);
TEST_EQUAL(mbedtls_test_read_mpi(&A, input_A), 0);
TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0);
+ /* If there is no inverse then the value returned in I will be
+ * indeterminate, and so not useful or possible to test. */
if (has_inverse) {
TEST_EQUAL(mbedtls_test_read_mpi(&exp_I, result_I), 0);
}
res = mbedtls_mpi_gcd_modinv_odd(NULL, &I, &A, &N);
TEST_EQUAL(res, return_code);
- /* If there is no inverse then the value returned in I will be
- * indeterminate, and so not useful or possible to test. */
if (res == 0 && has_inverse) {
TEST_ASSERT(sign_is_valid(&I));
TEST_EQUAL(mbedtls_mpi_cmp_mpi(&I, &exp_I), 0);
@@ -1304,8 +1300,6 @@
TEST_EQUAL(mbedtls_test_read_mpi(&I, input_A), 0);
res = mbedtls_mpi_gcd_modinv_odd(NULL, &I, /* A */ &I, &N);
TEST_EQUAL(res, return_code);
- /* If there is no inverse then the value returned in I will be
- * indeterminate, and so not useful or possible to test. */
if (res == 0 && has_inverse) {
TEST_ASSERT(sign_is_valid(&I));
TEST_EQUAL(mbedtls_mpi_cmp_mpi(&I, &exp_I), 0);