Explicitly guarantee BN_MONT_CTX::{RR,N} have the same width.
This is so the *_small functions can assume somewhat more uniform
widths, to simplify their error-handling.
Change-Id: I0420cb237084b253e918c64b0c170a5dfd99ab40
Reviewed-on: https://boringssl-review.googlesource.com/27584
Reviewed-by: Adam Langley <alangley@gmail.com>
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index b0f8a2d..90b4b36 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -957,9 +957,10 @@
};
struct bn_mont_ctx_st {
- // RR is R^2, reduced modulo |N|. It is used to convert to Montgomery form.
+ // RR is R^2, reduced modulo |N|. It is used to convert to Montgomery form. It
+ // is guaranteed to have the same width as |N|.
BIGNUM RR;
- // N is the modulus. It is always stored in minimal form, so |N.top|
+ // N is the modulus. It is always stored in minimal form, so |N.width|
// determines R.
BIGNUM N;
BN_ULONG n0[2]; // least significant words of (R*Ri-1)/N
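Review bot: The new comment on `RR` states the equal-width guarantee but not who upholds it or what relies on it, which matters because `struct bn_mont_ctx_st` is defined in a public header and can be filled in or copied field by field. The commit message says the `*_small` functions will assume uniform widths, so a context whose `RR` and `N` widths differ would presumably let those functions index past the end of the narrower value. I would extend the comment to something like `// is guaranteed to have the same width as |N|. Code that initializes or copies this struct must preserve this; the *_small functions rely on it.` The code that establishes the width is not in this hunk, so it is worth confirming that every path that builds or copies a BN_MONT_CTX sets it, ideally backed by an assertion at the point where the widths are consumed.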