|
8 | 8 | #define SECP256K1_MODINV32_IMPL_H |
9 | 9 |
|
10 | 10 | #include "modinv32.h" |
11 | | - |
12 | 11 | #include "util.h" |
13 | 12 |
|
14 | | -#include <stdlib.h> |
15 | | - |
16 | 13 | /* This file implements modular inversion based on the paper "Fast constant-time gcd computation and |
17 | 14 | * modular inversion" by Daniel J. Bernstein and Bo-Yin Yang. |
18 | 15 | * |
|
21 | 18 | */ |
22 | 19 |
|
23 | 20 | #ifdef VERIFY |
| 21 | +/* Helper function to compute the absolute value of an int32_t. |
| 22 | + * (We don't use abs/labs/llabs as they depend on the int sizes and require stdlib.h.) */ |
| 23 | +static int64_t secp256k1_modinv32_abs(int32_t v) { |
| 24 | + VERIFY_CHECK(v > INT32_MIN); |
| 25 | + if (v < 0) return -v; |
| 26 | + return v; |
| 27 | +} |
| 28 | + |
24 | 29 | static const secp256k1_modinv32_signed30 SECP256K1_SIGNED30_ONE = {{1}}; |
25 | 30 |
|
26 | 31 | /* Compute a*factor and put it in r. All but the top limb in r will be in range [0,2^30). */ |
@@ -415,8 +420,8 @@ static void secp256k1_modinv32_update_de_30(secp256k1_modinv32_signed30 *d, secp |
415 | 420 | VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(d, 9, &modinfo->modulus, 1) < 0); /* d < modulus */ |
416 | 421 | VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(e, 9, &modinfo->modulus, -2) > 0); /* e > -2*modulus */ |
417 | 422 | VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(e, 9, &modinfo->modulus, 1) < 0); /* e < modulus */ |
418 | | - VERIFY_CHECK(labs(u) <= (M30 + 1 - labs(v))); /* |u|+|v| <= 2^30 */ |
419 | | - VERIFY_CHECK(labs(q) <= (M30 + 1 - labs(r))); /* |q|+|r| <= 2^30 */ |
| 423 | + VERIFY_CHECK(secp256k1_modinv32_abs(u) <= (M30 + 1 - secp256k1_modinv32_abs(v))); /* |u|+|v| <= 2^30 */ |
| 424 | + VERIFY_CHECK(secp256k1_modinv32_abs(q) <= (M30 + 1 - secp256k1_modinv32_abs(r))); /* |q|+|r| <= 2^30 */ |
420 | 425 |
|
421 | 426 | /* [md,me] start as zero; plus [u,q] if d is negative; plus [v,r] if e is negative. */ |
422 | 427 | sd = d->v[8] >> 31; |
|