diff --git a/src/arithmetic.rs b/src/arithmetic.rs
index e3dc6c4489..1381f6dbac 100644
--- a/src/arithmetic.rs
+++ b/src/arithmetic.rs
@@ -20,8 +20,4 @@ pub mod bigint;
 pub mod montgomery;
 mod n0;
-
-#[allow(dead_code)]
-const BIGINT_MODULUS_MAX_LIMBS: usize = 8192 / crate::limb::LIMB_BITS;
-
 pub use constant::limbs_from_hex;
diff --git a/src/arithmetic/bigint/modulus.rs b/src/arithmetic/bigint/modulus.rs
index 4b88b8dada..b1231113b9 100644
--- a/src/arithmetic/bigint/modulus.rs
+++ b/src/arithmetic/bigint/modulus.rs
@@ -21,7 +21,7 @@ use crate::{
 };
 use core::marker::PhantomData;
-pub const MODULUS_MAX_LIMBS: usize = super::super::BIGINT_MODULUS_MAX_LIMBS;
+pub const MODULUS_MAX_LIMBS: usize = montgomery::MAX_LIMBS;
 /// The modulus *m* for a ring ℤ/mℤ, along with the precomputed values needed
 /// for efficient Montgomery multiplication modulo *m*. The value must be odd
@@ -89,7 +89,7 @@ impl OwnedModulus {
 cpu_features: cpu::Features,
 ) -> Result {
 let n = BoxedLimbs::positive_minimal_width_from_be_bytes(input)?;
- if n.len() > MODULUS_MAX_LIMBS {
+ if n.len() > montgomery::MAX_LIMBS {
 return Err(error::KeyRejected::too_large());
 }
 if n.len() < montgomery::MIN_LIMBS {
diff --git a/src/arithmetic/montgomery.rs b/src/arithmetic/montgomery.rs
index cba703b0ec..48dc60d625 100644
--- a/src/arithmetic/montgomery.rs
+++ b/src/arithmetic/montgomery.rs
@@ -119,6 +119,12 @@ use crate::{bssl, c, limb::Limb};
 /// same.
 pub const MIN_LIMBS: usize = 4;
+/// Many functions, including assembly functions, will stack allocate
+/// `n * MAX_LIMBS` (for some `n`) limbs to store temporary values. Reduce the
+/// chance of stack overflows by limiting these functions according to the
+/// maximum size of modulus we wish to support.
+pub const MAX_LIMBS: usize = 8192 / crate::limb::LIMB_BITS;
+
 #[inline(always)]
 unsafe fn mul_mont(
 r: *mut Limb,
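Review bot: `MODULUS_MAX_LIMBS` is kept as a public alias of `montgomery::MAX_LIMBS` in the first modulus.rs hunk, yet the size check in the `OwnedModulus` hunk just below is rewritten to read `montgomery::MAX_LIMBS` directly, so the file now carries two names for the same bound and the alias has no visible consumer in this diff. If the alias is still used by other modules, the check should go through it (`if n.len() > MODULUS_MAX_LIMBS {`) so the limit has one source of truth; otherwise either drop the alias or give it a doc comment such as `/// Re-export of [`montgomery::MAX_LIMBS`] for callers outside `arithmetic`.` so the next reader knows why it survives. The constructor whose check changed begins and ends outside the hunk.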
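Review bot: The doc comment on the new `MAX_LIMBS` in montgomery.rs gives the stack-usage motivation but never states the limit in terms a caller recognises, so a reader has to work out from `8192 / crate::limb::LIMB_BITS` that moduli are capped at 8192 bits, nor does it say where the cap is enforced. Suggest appending `/// This corresponds to a maximum modulus of 8192 bits; `mul_mont` and modulus construction reject anything longer.` — both of those rejections are visible elsewhere in this same diff, so the sentence is grounded. A one-line `const _: () = assert!(MIN_LIMBS <= MAX_LIMBS);` next to the constant would also pin the relationship between the two bounds for any future edit of either value.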
@@ -128,7 +134,7 @@ unsafe fn mul_mont(
 n0: &N0,
 _: cpu::Features,
 ) -> Result<(), error::Unspecified> {
- if m.len() < MIN_LIMBS {
+ if m.len() < MIN_LIMBS || m.len() > MAX_LIMBS {
 return Err(error::Unspecified);
 }
 bn_mul_mont(r, a, b, m.as_ptr(), n0, m.len());
@@ -326,7 +332,7 @@ mod tests {
 ];
 for (i, (r_input, a, w, expected_retval, expected_r)) in TEST_CASES.iter().enumerate() {
- let mut r = [0; super::super::BIGINT_MODULUS_MAX_LIMBS];
+ let mut r = [0; MAX_LIMBS];
 let r = {
 let r = &mut r[..r_input.len()];
 r.copy_from_slice(r_input);
diff --git a/src/ec/suite_b/ops.rs b/src/ec/suite_b/ops.rs
index 57e4c7aaa1..af4f25fd45 100644
--- a/src/ec/suite_b/ops.rs
+++ b/src/ec/suite_b/ops.rs
@@ -12,7 +12,12 @@
 // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-use crate::{arithmetic::limbs_from_hex, arithmetic::montgomery::*, error, limb::*};
+use crate::{
+ arithmetic::limbs_from_hex,
+ arithmetic::montgomery::{Encoding, ProductEncoding, Unencoded, R, RR},
+ error,
+ limb::*,
+};
 use core::marker::PhantomData;
 pub use self::elem::*;
diff --git a/src/ec/suite_b/ops/elem.rs b/src/ec/suite_b/ops/elem.rs
index e8479f2af6..5bb15a8b55 100644
--- a/src/ec/suite_b/ops/elem.rs
+++ b/src/ec/suite_b/ops/elem.rs
@@ -15,7 +15,7 @@
 use crate::{
 arithmetic::{
 limbs_from_hex,
- montgomery::{Encoding, ProductEncoding},
+ montgomery::{self, Encoding, ProductEncoding},
 },
 limb::{Limb, LIMB_BITS},
 };
@@ -129,3 +129,4 @@ pub fn unary_op_from_binary_op_assign(
 }
 pub const MAX_LIMBS: usize = (384 + (LIMB_BITS - 1)) / LIMB_BITS;
+const _MAX_LIMBS_IS_LESS_THAN_MAX_LIMBS: () = assert!(MAX_LIMBS <= montgomery::MAX_LIMBS);
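Review bot: The widened guard `if m.len() < MIN_LIMBS || m.len() > MAX_LIMBS` now bounds the limb count before `bn_mul_mont` runs, which is the right place to protect the callee's stack, but `mul_mont` is an `unsafe fn` and the preceding hunk shows no doc comment above its `#[inline(always)]` attribute, so the part of the contract this check cannot cover is written down nowhere visible here. The single `m.len()` passed to `bn_mul_mont` suggests `r`, `a` and `b` are presumed to each reference `m.len()` limbs, yet nothing in this function can verify the raw pointers. Suggest a `/// # Safety` section on the signature stating what the caller must guarantee for `r` (valid for writes), `a` and `b` (valid for reads), in units of `m.len()` limbs, and noting that the limb-count range is checked internally rather than being a caller obligation. The signature begins in the previous hunk and the body continues past this one.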
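Review bot: In the last elem.rs hunk the name `_MAX_LIMBS_IS_LESS_THAN_MAX_LIMBS` says strictly less while the assertion is `<=`, and the two `MAX_LIMBS` in the name are indistinguishable, so the identifier misdescribes the check it labels; there is also no comment saying why the curve limb count must fit the Montgomery limit. Suggest the anonymous-constant form `const _: () = assert!(MAX_LIMBS <= montgomery::MAX_LIMBS);` preceded by `// Field elements are multiplied through the Montgomery code, which (see mul_mont) rejects operands longer than montgomery::MAX_LIMBS.` so the relationship is explained where it is enforced. The same anonymous form would suit any sibling compile-time assertions added later.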