Simplify some unnecessary sign bit juggling
Some functions try to accommodate negative moduli by figuring out whether
to BN_add or BN_sub. Under the hood, those functions will do further
sign-bit checks and comparisons to decide whether to BN_uadd or BN_usub. We
can just call the right one from the start.
Change-Id: I2e64b05522c93ee831f6d6e9f7d1380411fbb71b
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/70813
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/fipsmodule/bn/div.c.inc b/crypto/fipsmodule/bn/div.c.inc
index b321ff5..06c4db5 100644
--- a/crypto/fipsmodule/bn/div.c.inc
+++ b/crypto/fipsmodule/bn/div.c.inc
@@ -372,8 +372,9 @@
return 1;
}
- // now -|d| < r < 0, so we have to set r := r + |d|.
- return (d->neg ? BN_sub : BN_add)(r, r, d);
+ // now -d < r < 0, so we have to set r := r + d. Ignoring the sign bits, this
+ // is r = d - r.
+ return BN_usub(r, d, r);
}
BN_ULONG bn_reduce_once(BN_ULONG *r, const BN_ULONG *a, BN_ULONG carry,
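Review bot: The rewritten comment on the two added lines drops the absolute-value bars the removed comment carried, so it now reads as if d were non-negative, even though the commit description says this path accommodates negative moduli and BN_usub is chosen precisely because it ignores the sign bits. Stating the bound in magnitudes keeps the comment true for either sign of d, e.g. `// now -|d| < r < 0, so we have to set r := r + |d|. Ignoring the sign bits,` followed by `// this is r = |d| - |r|, i.e. BN_usub(r, d, r).` The enclosing function begins outside the hunk, and the trailing bn_reduce_once line is only the next definition's header, so the precondition that |r| < |d| holds here is inferred from the comment rather than visible.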
diff --git a/crypto/fipsmodule/bn/sqrt.c.inc b/crypto/fipsmodule/bn/sqrt.c.inc
index f976753..4cc8d6e 100644
--- a/crypto/fipsmodule/bn/sqrt.c.inc
+++ b/crypto/fipsmodule/bn/sqrt.c.inc
@@ -236,7 +236,7 @@
goto end;
}
if (BN_ucmp(y, p) >= 0) {
- if (!(p->neg ? BN_add : BN_sub)(y, y, p)) {
+ if (BN_usub(y, y, p)) {
goto end;
}
}
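Review bot: The added line drops the negation the removed line had, so the error check reads inverted: BN_usub follows the same 1-on-success, 0-on-failure convention as the BN_add/BN_sub it replaces, and with `if (BN_usub(y, y, p))` a successful reduction jumps to `end` while a failed one falls through with y still unreduced. The line should read `if (!BN_usub(y, y, p)) {`, matching the removed line's `!`. The enclosing function starts and ends outside the hunk, so what `end` does with the return value cannot be confirmed here, but the old code reached it on this path only on failure.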