ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-10-19 11:24:41 +08:00
Code Issues Releases Wiki Activity

Make mbedtls_mpi_gcd() more consistent

Browse Source 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard
2025-08-04 10:57:13 +02:00
parent c6a9d84555
commit 381d4ba03b
4 changed files with 18 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog.d/gcd-sign.txt Normal file
View File

@@ -0,0 +1,5 @@
Changes
* The function mbedtls_mpi_gcd() now always gives a non-negative output.
Previously the output was negative when B = 0 and A < 0, which was not
documented, and inconsistent as all other inputs resulted in a non-negative
output.

3
include/mbedtls/bignum.h
View File

@@ -974,8 +974,7 @@ int mbedtls_mpi_random(mbedtls_mpi *X,
* \brief Compute the greatest common divisor: G = gcd(A, B) * \brief Compute the greatest common divisor: G = gcd(A, B)
* *
* \param G The destination MPI. This must point to an initialized MPI. * \param G The destination MPI. This must point to an initialized MPI.
* This will be positive unless \p B is 0, in which case \p A * This will always be positive or 0.
* will be returned, where \p A could be negative.
* \param A The first operand. This must point to an initialized MPI. * \param A The first operand. This must point to an initialized MPI.
* \param B The second operand. This must point to an initialized MPI. * \param B The second operand. This must point to an initialized MPI.
* *

19
library/bignum.c
View File

@@ -1834,18 +1834,19 @@ int mbedtls_mpi_gcd(mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B)
MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, B)); MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, B));
TA.s = TB.s = 1; TA.s = TB.s = 1;
/* Handle special cases (that don't happen in crypto usage) */ /* Make the two values the same (non-zero) number of limbs.
if (mbedtls_mpi_core_check_zero_ct(A.p, A.n) == MBEDTLS_CT_FALSE) { * This is needed to use mbedtls_mpi_core functions below. */
return mbedtls_mpi_copy(G, TB); // GCD(0, B) = abs(B)
}
if (mbedtls_mpi_core_check_zero_ct(B.p, B.n) == MBEDTLS_CT_FALSE) {
return mbedtls_mpi_copy(G, A); // GCD(A, 0) = A (for now)
}
/* Make the two values the same (non-zero) number of limbs */
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&TA, TB.n != 0 ? TB.n : 1)); MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&TA, TB.n != 0 ? TB.n : 1));
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&TB, TA.n)); // non-zero from above MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&TB, TA.n)); // non-zero from above
/* Handle special cases (that don't happen in crypto usage) */
if (mbedtls_mpi_core_check_zero_ct(TA.p, TA.n) == MBEDTLS_CT_FALSE) {
return mbedtls_mpi_copy(G, &TB); // GCD(0, B) = abs(B)
}
if (mbedtls_mpi_core_check_zero_ct(TB.p, TB.n) == MBEDTLS_CT_FALSE) {
return mbedtls_mpi_copy(G, &TA); // GCD(A, 0) = abs(A)
}
const size_t za = mbedtls_mpi_lsb(&TA); const size_t za = mbedtls_mpi_lsb(&TA);
const size_t zb = mbedtls_mpi_lsb(&TB); const size_t zb = mbedtls_mpi_lsb(&TB);

4
tests/suites/test_suite_bignum.misc.data
View File

@@ -1466,10 +1466,10 @@ Test GCD: 6, 0 (1 limb)
mpi_gcd:"06":"00":"6" mpi_gcd:"06":"00":"6"
Test GCD: negative, 0 (null) Test GCD: negative, 0 (null)
mpi_gcd:"-50000":"":"-50000" mpi_gcd:"-50000":"":"50000"
Test GCD: negative, 0 (1 limb) Test GCD: negative, 0 (1 limb)
mpi_gcd:"-a782374b2ee927df28802745833a":"00":"-a782374b2ee927df28802745833a" mpi_gcd:"-a782374b2ee927df28802745833a":"00":"a782374b2ee927df28802745833a"
Test GCD: 0 (null), negative Test GCD: 0 (null), negative
mpi_gcd:"":"-50000":"50000" mpi_gcd:"":"-50000":"50000"