Merge pull request #6235 from tom-cosgrove-arm/issue-6231-core-sub-int

Bignum: extract core_sub_int from the prototype
2025-07-28 00:21:48 +03:00 · 2022-11-23 13:32:02 +00:00
parent ef25a99f20 d66d5b2fef
commit 531a871b88
5 changed files with 115 additions and 7 deletions
--- a/library/bignum.c
+++ b/library/bignum.c
@ -968,17 +968,15 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
    carry = mbedtls_mpi_core_sub( X->p, A->p, B->p, n );
    if( carry != 0 )
    {
-        /* Propagate the carry to the first nonzero limb of X. */
-        for( ; n < X->n && X->p[n] == 0; n++ )
-            --X->p[n];
-        /* If we ran out of space for the carry, it means that the result
-         * is negative. */
-        if( n == X->n )
+        /* Propagate the carry through the rest of X. */
+        carry = mbedtls_mpi_core_sub_int( X->p + n, X->p + n, carry, X->n - n );
+
+        /* If we have further carry/borrow, the result is negative. */
+        if( carry != 0 )
        {
            ret = MBEDTLS_ERR_MPI_NEGATIVE_VALUE;
            goto cleanup;
        }
-        --X->p[n];
    }

    /* X should always be positive as a result of unsigned subtractions. */
--- a/library/bignum_core.c
+++ b/library/bignum_core.c
@ -590,6 +590,22 @@ cleanup:

 /* BEGIN MERGE SLOT 3 */

+mbedtls_mpi_uint mbedtls_mpi_core_sub_int( mbedtls_mpi_uint *X,
+                                           const mbedtls_mpi_uint *A,
+                                           mbedtls_mpi_uint c, /* doubles as carry */
+                                           size_t limbs )
+{
+    for( size_t i = 0; i < limbs; i++ )
+    {
+        mbedtls_mpi_uint s = A[i];
+        mbedtls_mpi_uint t = s - c;
+        c = ( t > s );
+        X[i] = t;
+    }
+
+    return( c );
+}
+
 /* END MERGE SLOT 3 */

 /* BEGIN MERGE SLOT 4 */
--- a/library/bignum_core.h
+++ b/library/bignum_core.h
@ -504,6 +504,23 @@ int mbedtls_mpi_core_fill_random( mbedtls_mpi_uint *X, size_t X_limbs,

 /* BEGIN MERGE SLOT 3 */

+/**
+ * \brief Subtract unsigned integer from known-size large unsigned integers.
+ *        Return the borrow.
+ *
+ * \param[out] X    The result of the subtraction.
+ * \param[in] A     The left operand.
+ * \param b         The unsigned scalar to subtract.
+ * \param limbs     Number of limbs of \p X and \p A.
+ *
+ * \return          1 if `A < b`.
+ *                  0 if `A >= b`.
+ */
+mbedtls_mpi_uint mbedtls_mpi_core_sub_int( mbedtls_mpi_uint *X,
+                                           const mbedtls_mpi_uint *A,
+                                           mbedtls_mpi_uint b,
+                                           size_t limbs );
+
 /* END MERGE SLOT 3 */

 /* BEGIN MERGE SLOT 4 */