Update mpi_gcd_invmod_odd() related comments/documentation

Signed-off-by: Felix Conway <felix.conway@arm.com>
2026-03-20 19:21:09 +01:00 · 2025-08-05 14:33:32 +01:00
parent f4df43b6c4
commit d9c4c9c441
3 changed files with 11 additions and 17 deletions
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1764,7 +1764,7 @@ int mbedtls_mpi_gcd_modinv_odd(mbedtls_mpi *G,
    }

    /* Check aliasing requirements */
-    if (A == N || G == I || (I != NULL && (I == N || G == N))) {
+    if (A == N || (I != NULL && (I == N || G == N))) {
        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
    }

--- a/library/bignum_internal.h
+++ b/library/bignum_internal.h
@@ -48,14 +48,14 @@ int mbedtls_mpi_exp_mod_unsafe(mbedtls_mpi *X, const mbedtls_mpi *A,
                               mbedtls_mpi *prec_RR);

 /**
- * \brief          Compute GCD(A, N) and/or A^-1 mod N if it exists,
- *                 in constant time.
+ * \brief          A wrapper around a constant time function to compute
+ *                 GCD(A, N) and/or A^-1 mod N if it exists.
 *
- * \warning        Requires N to be odd, and 0 <= A <= N, and N > 1 if
- *                 I != NULL.
+ * \warning        Requires N to be odd, and 0 <= A <= N. Additionally, if
+ *                 I != NULL, requires N > 1.
+ *                 The wrapper part of this function is not constant time.
 *
- * \note           G and I must not alias each other.
- *                 A and N must not alias each other.
+ * \note           A and N must not alias each other.
 *                 When I == NULL (computing only the GCD), G can alias A or N.
 *                 When I != NULL (computing the modular inverse), G or I can
 *                 alias A, but neither of them can alias N (the modulus).
--- a/tests/suites/test_suite_bignum.function
+++ b/tests/suites/test_suite_bignum.function
@@ -1162,6 +1162,8 @@ void mpi_gcd_modinv_odd_both(char *input_A, char *input_N,
    TEST_EQUAL(mbedtls_test_read_mpi(&A, input_A), 0);
    TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0);
    TEST_EQUAL(mbedtls_test_read_mpi(&exp_G, result_G), 0);
+    /* If there is no inverse then the value returned in I will be
+     * indeterminate, and so not useful or possible to test. */
    if (has_inverse) {
        TEST_EQUAL(mbedtls_test_read_mpi(&exp_I, result_I), 0);
    }
@@ -1171,8 +1173,6 @@ void mpi_gcd_modinv_odd_both(char *input_A, char *input_N,
    if (res == 0) {
        TEST_ASSERT(sign_is_valid(&G));
        TEST_EQUAL(mbedtls_mpi_cmp_mpi(&G, &exp_G), 0);
-        /* If there is no inverse then the value returned in I will be
-         * indeterminate, and so not useful or possible to test. */
        if (has_inverse) {
            TEST_ASSERT(sign_is_valid(&I));
            TEST_EQUAL(mbedtls_mpi_cmp_mpi(&I, &exp_I), 0);
@@ -1186,8 +1186,6 @@ void mpi_gcd_modinv_odd_both(char *input_A, char *input_N,
    if (res == 0) {
        TEST_ASSERT(sign_is_valid(&G));
        TEST_EQUAL(mbedtls_mpi_cmp_mpi(&G, &exp_G), 0);
-        /* If there is no inverse then the value returned in I will be
-         * indeterminate, and so not useful or possible to test. */
        if (has_inverse) {
            TEST_ASSERT(sign_is_valid(&I));
            TEST_EQUAL(mbedtls_mpi_cmp_mpi(&I, &exp_I), 0);
@@ -1206,8 +1204,6 @@ void mpi_gcd_modinv_odd_both(char *input_A, char *input_N,
    if (res == 0) {
        TEST_ASSERT(sign_is_valid(&G));
        TEST_EQUAL(mbedtls_mpi_cmp_mpi(&G, &exp_G), 0);
-        /* If there is no inverse then the value returned in I will be
-         * indeterminate, and so not useful or possible to test. */
        if (has_inverse) {
            TEST_ASSERT(sign_is_valid(&I));
            TEST_EQUAL(mbedtls_mpi_cmp_mpi(&I, &exp_I), 0);
@@ -1287,14 +1283,14 @@ void mpi_gcd_modinv_odd_only_modinv(char *input_A, char *input_N,
    mbedtls_mpi_init(&exp_I);
    TEST_EQUAL(mbedtls_test_read_mpi(&A, input_A), 0);
    TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0);
+    /* If there is no inverse then the value returned in I will be
+     * indeterminate, and so not useful or possible to test. */
    if (has_inverse) {
        TEST_EQUAL(mbedtls_test_read_mpi(&exp_I, result_I), 0);
    }

    res = mbedtls_mpi_gcd_modinv_odd(NULL, &I, &A, &N);
    TEST_EQUAL(res, return_code);
-    /* If there is no inverse then the value returned in I will be
-     * indeterminate, and so not useful or possible to test. */
    if (res == 0 && has_inverse) {
        TEST_ASSERT(sign_is_valid(&I));
        TEST_EQUAL(mbedtls_mpi_cmp_mpi(&I, &exp_I), 0);
@@ -1304,8 +1300,6 @@ void mpi_gcd_modinv_odd_only_modinv(char *input_A, char *input_N,
    TEST_EQUAL(mbedtls_test_read_mpi(&I, input_A), 0);
    res = mbedtls_mpi_gcd_modinv_odd(NULL, &I, /* A */ &I, &N);
    TEST_EQUAL(res, return_code);
-    /* If there is no inverse then the value returned in I will be
-     * indeterminate, and so not useful or possible to test. */
    if (res == 0 && has_inverse) {
        TEST_ASSERT(sign_is_valid(&I));
        TEST_EQUAL(mbedtls_mpi_cmp_mpi(&I, &exp_I), 0);