Relax and test aliasing rules
This is consistent with the general rules documented at the top of the
file:
- when computing GCD(A, N), there is no modular arithmetic, so the
output can alias any of the inputs;
- when computing a modular inverse, N is the modulus, so it can't be
aliased by any of the outputs (we'll use it for modular operations
over the entire course of the function's execution).
But since this function has two modes of operations with different
aliasing rules (G can alias N only if I == NULL), I think it should
really be stated explicitly.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/library/bignum_core.h b/library/bignum_core.h
index 29e05cd..1589c34 100644
--- a/library/bignum_core.h
+++ b/library/bignum_core.h
@@ -826,7 +826,9 @@
*
* Requires N to be odd, and 0 <= A <= N.
*
- * None of the parameters may alias or overlap another.
+ * When I == NULL (computing only the GCD), G may alias A or N.
+ * When I != NULL (computing the modular inverse), G or I may alias A
+ * but none of them may alias N (the modulus).
*
* \param[out] G The GCD of \p A and \p N.
* Must have the same number of limbs as \p N.